JPWO2007007805A1 - Verification method, verification program, recording medium, information processing apparatus, integrated circuit - Google Patents

Abstract

Since information necessary for mounting, such as an interface, is disclosed to the virtual machine, anyone can mount the virtual machine. Therefore, by improperly mounting a virtual machine, it is possible to cause a program running on the virtual machine to perform an illegal operation instead of a normal operation. The program compares the specific memory information of the virtual machine with the verification information that the program itself has, based on the verification rules, and verifies that the virtual machine that operates itself is properly implemented. , Eliminate rogue virtual machines.

Description

  The present invention relates to a device that uses a virtual machine for program execution, and more particularly, to a technique for determining the legitimacy of a platform on which a virtual machine is mounted and eliminating the platform when the platform is illegal.

  In recent years, virtual machines have been used to run programs without depending on platforms such as OS and CPU. Generally, a virtual machine is implemented by software, and information necessary for implementation such as an interface is disclosed, so anyone can implement a virtual machine.

Therefore, by improperly mounting a virtual machine, it is possible to cause a program running on the virtual machine to perform an illegal operation instead of a normal operation. When the program is a program that protects the copyright of content such as a movie, for example, the content is illegally reproduced.
In view of the above problems, an object of the present invention is to provide an information processing method by which a program can verify that a virtual machine that operates itself is normally installed.

  In order to solve the above problems, the present invention is a verification method used in an information processing apparatus for executing processing related to content reproduction by a virtual machine included therein, and is recorded on a recording medium together with the content A verification method comprising: a reading step of reading a verification program; and a verification step of verifying the validity of the information processing apparatus including the virtual machine by executing the verification program by the virtual machine. To do.

By using the verification method described above, the verification program can verify whether or not the virtual machine that operates itself is properly implemented.
The verification step is based on the acquisition step in which the verification program acquires, as verification information, a value held at a predetermined memory address of the information processing apparatus, and the verification information acquired by the acquisition step. Thus, the verification program may determine whether the information processing apparatus is valid.

In the verification method described above, the information processing apparatus is verified using a value held at a predetermined memory address.
Therefore, a virtual machine cannot be implemented without knowing the memory address that holds the value for verification. This makes it difficult for an unauthorized third party who does not know the memory address to mount an unauthorized virtual machine.

The recording medium further records a reproduction-related program that is executed on the virtual machine and includes a processing procedure related to reproduction of the content. The verification method further includes the information processing as a result of the verification. When the device is illegal, it may include a suppression step for suppressing execution of the processing procedure related to the reproduction of the content.
As a result, it is possible to prevent content reproduction from being executed in an unauthorized virtual machine.

Further, the content is modified so that it can be restored by a predetermined restoration process, and the processing procedure relating to the reproduction of the content includes a procedure for restoring the transformed content by the restoration process, and the suppressing step May suppress the execution of the restoration process.
Thereby, for example, when the content is deformed for the purpose of copyright protection or the like, it is possible to prevent the content restoration processing from being executed in an unauthorized virtual machine.

The verification information may be information that changes according to timing.
According to the verification method described above, information that changes depending on the timing is used as verification information, so that even if a fraudulent analyst can identify the memory address that holds the verification information, the value of valid verification information must be specified. Becomes difficult.
Therefore, it becomes difficult to illegally implement an execution environment in which an unauthorized third party can pass verification by the verification program.

The verification information may be information related to the content to be reproduced.
According to the verification method described above, the verification program verifies the legitimacy of the information processing apparatus based on the information regarding the content to be reproduced.
Thereby, the verification program can verify whether or not the content to be reproduced is content to be used with the verification program.

Therefore, the above-described verification method allows, for example, an unauthorized third party to copy a valid verification program and pass the verification of the other content by reading the copied verification program when reproducing the other content. It is also possible to prevent fraud that causes
The verification information may be information depending on an execution environment including the virtual machine.

Thereby, the verification program can verify whether the execution environment for executing the verification program is an execution environment implemented by an unauthorized third party who does not know the valid verification information.
Further, a verification value and a verification rule are recorded in association with each other on the recording medium, and the determination step is recorded on the recording medium and the verification information acquired by the acquisition step. The information processing apparatus includes a comparison step of comparing the verification value with the verification rule associated with the verification value, and the determination step satisfies the verification rule as a result of the comparison May be determined to be valid.

This makes it difficult for an unauthorized third party who does not know the verification value and the verification rule to mount an unauthorized virtual machine.
The obtaining step includes a requesting step for requesting a value held at the predetermined memory address at a verification timing, and the verification method further includes the predetermined step in response to the request by the requesting step. A return step of reading the value held at the memory address of the received information and returning the read value to the verification program as the verification information, wherein the acquisition of the acquisition step includes the return of the response to the request It is acquisition of verification information, and the comparison step may perform the comparison using the verification information acquired by the reply.

  Further, a plurality of the verification values are recorded in the recording medium in association with the verification timing, and the comparison step includes the verification information acquired at the verification timing and the verification timing. The comparison is performed using the verification value and the verification rule that are associated with each other, and the determination step includes a repetition step of repeatedly executing the comparison step every time the verification timing is reached, and a result of the repetition And a determination step of determining that the information processing apparatus is illegal when the verification information and the verification value do not satisfy the verification rule a predetermined number of times or more.

In the verification method described above, when the verification rule is not satisfied a predetermined number of times or more, the information processing apparatus is determined to be illegal, so that the verification accuracy can be improved.
In addition, each of the plurality of verification values is recorded in the recording medium in association with identification information that uniquely identifies the virtual machine, and the comparison step includes virtual information included in the information processing apparatus. The comparison may be performed using a verification value corresponding to the identification information of the machine.

As a result, verification can be performed using different verification values for each virtual machine.
The recording medium further records a verification timing and a verification rule in association with each other, and the information processing apparatus further stores a value held at the predetermined memory address at a predetermined timing. Is stored as comparison information, and the acquisition step acquires the value held at the predetermined memory address at the verification timing as the verification information, and the determination step includes: A comparison step of comparing the verification information acquired at the verification timing with the comparison information stored in the storage unit based on the verification rule, and the determination step is based on the result of the comparison The determination as to whether the information processing apparatus is valid may be made.

  Further, the obtaining step includes a requesting step for requesting a value held at the predetermined memory address at the timing of the verification, and the verification method further includes the requesting step according to the request by the requesting step. A reply step of reading a value held at a predetermined memory address and returning the read value to the verification program as the verification information, wherein the acquisition of the acquisition step is the reply to the request The verification information may be acquired, and the comparison step may perform the comparison using the verification information acquired by the reply.

  Further, the information processing apparatus further includes a random number generation unit that generates a random number, and the verification method further causes the random number generation unit to generate a random number every time the verification timing comes. Including the random number holding step of holding the verification information at the predetermined address, and the acquiring step performs the acquisition of the verification information by reading the random number held by the random number holding step at the verification timing, The determination step may determine that the information processing apparatus is valid when the verification information is different from the comparison information as a result of the comparison.

This makes it difficult for an unauthorized third party who does not know the implementation of using a random number to verify the validity of the information processing apparatus to implement an unauthorized virtual machine.
The random number generation unit may perform the generation based on information depending on an execution environment including the virtual machine.
This reduces the possibility that the random number generation unit generates the same random number in each execution environment when the execution environments are different.

  Further, the information processing apparatus further includes a time measuring unit that measures time and writes the time to the predetermined memory address, and the storage unit compares the time written to the predetermined memory address at a predetermined timing. The acquisition step performs the acquisition of the verification information by reading the time written in the predetermined memory address at the timing of the verification, and the determination step includes: As a result of the comparison, when the time indicated in the verification information is increased from the time indicated in the comparison information, the information processing apparatus may determine that the information processing apparatus is valid.

Thereby, it is possible to make it difficult for an unauthorized third party who does not know the implementation to use time to verify the validity of the information processing apparatus to implement an unauthorized virtual machine.
An information processing apparatus that executes processing related to reproduction of content recorded on a recording medium and includes a virtual machine therein, wherein the recording medium is executed on the virtual machine, A verification program for verifying the validity of the information processing apparatus is recorded, and the information processing apparatus reads the verification program from the recording medium and a verification timing at a predetermined memory address of the information processing apparatus. Receiving means for receiving a value request held in the verification program from the verification program, and reply means for reading the value held in the predetermined memory address and returning the read value to the verification program when the request is received It is good also as providing.

  Further, the integrated circuit is mounted on an information processing apparatus that executes a process related to reproduction of content recorded on a recording medium and includes a virtual machine, and the recording medium is executed on the virtual machine. As a result, a verification program for verifying the validity of the information processing apparatus is recorded, and the integrated circuit reads out the verification program from the recording medium, and a predetermined memory address of the information processing apparatus Receiving means for receiving a request for a value held at the timing of verification from the verification program; reading the value held at the predetermined memory address when receiving the request; and reading the read value into the verification program It is good also as providing the reply means which replies to.

  Further, the recording medium stores a verification program for executing processing related to content reproduction and verifying the validity of the information processing apparatus including the virtual machine, and the verification program is stored in the information processing apparatus. An acquisition step of acquiring a value held at a predetermined memory address as verification information, and a determination of whether or not the information processing apparatus is valid based on the verification information acquired by the acquisition step It is good also as including a step.

  Further, a verification program for executing processing related to reproduction of content recorded in a recording medium and causing the information processing device to execute processing for verifying the validity of the information processing device including a virtual machine therein, Based on the acquisition step of acquiring, as verification information, a value held at a predetermined memory address of the information processing device, and whether or not the information processing device is valid based on the verification information acquired by the acquisition step And a determination step for determining whether or not.

  As described above, according to the present invention, there is an effect that it is possible to provide an information processing method capable of verifying that a virtual machine that operates itself is normally mounted by a program.

FIG. 3 illustrates a configuration of a recording medium and an information processing device according to Embodiment 1. The figure which shows the flow of the virtual machine code execution process in Embodiment 1 The figure which shows the flow of the validity verification process of the execution environment containing the virtual machine in Embodiment 1 Example of data structure of verification rule in Embodiment 1 Example of verification rule table structure of virtual machine code according to Embodiment 1 FIG. 11 is a diagram illustrating another example of the configuration of the recording medium and the information processing device in the first embodiment. FIG. 10 is a diagram illustrating another example of the configuration of the recording medium and the information processing device in the first embodiment. The figure which shows the system model of the storage medium and information processing apparatus in Embodiment 2 The figure which shows the operation | movement of the verification process in Embodiment 2, and a restoration process The figure which shows the flow of the validity verification process of the execution environment containing the virtual machine in Embodiment 2 FIG. 10 is a diagram illustrating another example of the system model of the storage medium and the information processing apparatus in the second embodiment. The figure which shows the generalized system model of the storage medium and information processing apparatus in Embodiment 2

Explanation of symbols

101, 801, 1201 Information processing apparatus 102, 802, 1202 Recording medium 111 Disk reading unit 112 User operation receiving unit 113 Virtual machine execution unit 114 Information holding unit 115 Virtual machine execution code 117 Verification value table identification information 118 Work information holding unit 121 Virtual machine code 1151 Verification value acquisition module 1154 Virtual machine code execution module 1121 Virtual machine verification module 1122 Verification information module 1123 Code dependent processing module 400 Verification rule table for each virtual machine 401 Address 402 Verification timing 403 Verification value 404 Verification rule 500 Verification information Verification rule table 813, 1113, 1213 held by holding module 1122 Clip file 814 Verification code 815 Secret Information code 816 Restoration information file 824, 1224 Module management unit 827, 1227 Playback control unit 829, 1229 Verification processing unit 830, 1230 Secret information calculation unit 831, 1131, 1231 Presentation processing unit 832, 1132, 1232 Restoration processing unit 901 Memory 902 Verification information memory 903 Virtual machine identification information 904 Interrupt management information 905 Interrupt management information for secret information calculation

The best mode for carrying out the invention will be described below with reference to the drawings.
(Embodiment 1)
A recording medium and an information processing apparatus according to an embodiment of the present invention will be described with reference to FIG.
The recording medium 102 stores a virtual machine code 121 that is a program that operates on the virtual machine. An example of implementation of the recording medium 102 is a BD (Blu-ray Disc), but is not limited thereto. Further, the virtual machine code 121 includes a virtual machine verification module 1121, a verification information holding module 1122, and a code dependence processing module 1123. Details of each module will be described later.

  The information processing apparatus 101 is an apparatus that executes a virtual machine code 121 using a virtual machine. As illustrated in FIG. 1, a disk reading unit 111, a user operation reception unit 112, a virtual machine execution unit 113, an information holding unit 114 and a work information holding unit 118. The virtual machine is software that converts a program implemented as the virtual machine code 121 into a native code for the platform and executes it in order to operate the program without depending on a platform such as a CPU or OS. Specifically, for example, the virtual machine is a Java (registered trademark) virtual machine, and the virtual machine code 121 is a Java (registered trademark) byte code, but is not limited thereto.

  As an implementation example of the information processing apparatus 101, a computer system including a CPU, work memory, flash memory, BD drive, and remote controller, the disk reading unit 111 is a BD (Blu-ray Disc) drive, The information holding unit 114 is a flash memory, the user operation receiving unit 112 is a remote controller, the work information holding unit 118 is a work memory, and the virtual machine execution unit 113 is software that operates using a CPU and a work memory. Although there is a configuration method, the configuration is not limited to software configuration such as hardware implementation. Other implementations are not limited to this.

The information holding unit 114 holds a virtual machine execution code 115 and virtual machine identification information 117. The virtual machine execution code 115 is software, and includes a verification value acquisition module 1151 and a virtual machine code execution module 1154. Details of each module will be described later.
The virtual machine identification information 117 is information for identifying a virtual machine, and is, for example, 8-byte data including “information processing apparatus manufacturer ID + information processing apparatus model number + virtual machine version number”. However, the information is not limited to this as long as the information can uniquely identify the virtual machine.

  Here, creation of verification information will be described. The provider of the regular virtual machine execution code 115 submits a verification rule table and virtual machine identification information 117 specific to each virtual machine as shown in FIG. 4 to the virtual machine management organization. The verification rule table may be a verification rule table or identification information for each playback device in which a virtual machine is mounted. The virtual machine management organization provides the virtual machine code implementer with a regular virtual machine verification rule table and virtual machine identification information 117. The implementer of the virtual machine code creates verification information based on this. FIG. 4 is a verification rule table specific to each virtual machine (each playback device). For example, an address 401 used for verification, a verification timing 402 indicating when to verify, and what value the address 401 has at that time A verification value 403 indicating whether the verification is taken, a verification rule 404 indicating the verification is successful in what state the value is. As shown in FIG. 4, the address 401 represents a specific address or a specific address range. The verification rule table is not limited to the table configuration as shown in FIG.

  In the present embodiment, a BD is assumed as the recording medium 102, and the virtual machine code 121 recorded therein is taken into the information processing apparatus 101 by the disk reading unit 111. However, the present invention is not limited to this. For example, the virtual machine code 121 may be imported into the information processing apparatus 101 by other methods such as replacing the disk reading unit 111 with the Internet connection unit and capturing the virtual machine code 121 into the information processing apparatus 101 via the Internet.

This completes the description of the recording medium and the information processing apparatus according to the embodiment of the present invention.
(Virtual machine code execution)
Next, execution of virtual machine code in the information processing apparatus 101 will be described with reference to FIG.

First, the information processing apparatus 101 starts processing upon receiving an instruction to execute the virtual machine code 121 on the recording medium 102 through the user operation receiving unit 112.
When the execution of the virtual machine code 121 is instructed, the virtual machine execution unit 113 loads the virtual machine execution code 115 from the information holding unit 114 and starts the virtual machine (S201).

Next, the virtual machine code 121 is read from the recording medium 102 through the disk reading unit 111, and the virtual machine execution unit 113 activates the virtual machine code 121 on the virtual machine (S202).
Whether the virtual machine code 121 started on the virtual machine is the verification timing 402 of the validity of the execution environment including the virtual machine executing itself using the virtual machine verification module 1121 and the verification information holding module 1122 A check is performed (S203).

If it is the verification timing 402, the validity of the execution environment including the virtual machine is verified (S204). Details of this processing will be described later.
The verification result of S204 is determined (S205), and in the case of NG, it is confirmed whether the number of NG has reached the specified number (S208). Here, when NG is equal to or greater than the specified number of times, the virtual machine code 121 is mounted so as to end its own execution, and therefore ends its execution.

If NG has not reached the specified number in S208, the process starts again from S203. The prescribed number of times may be one time or a plurality of times, and the effect of improving the accuracy of verification can be obtained by using a plurality of times.
If the verification result is OK in S205, the code dependency processing defined by the code dependency processing module 1123 in the virtual machine code 121 is executed (S206). The code-dependent processing module 1123 defines different processes for each virtual machine code 121. For example, as a copyright protection process for the content 122 such as a movie recorded separately on the recording medium 102, a decryption process for the content 122 is performed. Yes, but not limited to this.

When the code-dependent processing is finished, the execution of the virtual machine code 121 is finished (S207).
This is the end of the description of the execution of the virtual machine code 121 in the information processing apparatus 101.
(Verification of execution environment including virtual machines)
Details of the validity verification processing of the execution environment including the virtual machine will be described. This process is a process for verifying whether or not the execution environment including the virtual machine that executes the virtual machine code 121 is genuine.

  The virtual machine execution code 115 can be implemented by anyone because information necessary for the implementation such as the interface and processing contents is disclosed. For this reason, if it is not the regular virtual machine execution code 115, an illegal operation may be performed when the virtual machine code 121 is executed, and the processing of the virtual machine code 121 may not be performed correctly. For example, if the virtual machine code 121 is a program that protects the copyright of the content 122 such as a movie that is separately recorded on the recording medium 102, the content 122 is illegally reproduced and the copyright cannot be protected. The execution environment including the virtual machine needs to be verified.

  The modules constituting the virtual machine code 121 will be described. The virtual machine verification module 1121 is a module that verifies whether the execution environment including the virtual machine that executes the virtual machine is legitimate. The verification information holding module 1122 verifies the validity of the execution environment including the virtual machine. Information. Specifically, the verification value of the virtual machine identification information 117 is acquired from the virtual machine, and the validity of the execution environment including the virtual machine depends on whether the value matches the verification rule stored in the verification information storage module 1122. To verify. As a result, an emulator in which data including a player model number, manufacturer name, etc. is copied to a different playback device is created. For example, even if a virtual machine and the emulator are mounted on a computer, the verification rule table for each virtual machine in FIG. It is difficult to create an emulator so as to conform to 400, and the verification rule is not satisfied. Therefore, reproduction on such an illegal emulator can be prevented. Details of the verification process will be described later.

  FIG. 5 shows an example of the verification rule table 500 held by the verification information holding module 1122. The verification rule table 500 held by the verification information holding module 1122 indicates a correspondence between a part or all of the verification rule table 400 for each virtual machine provided in FIG. 4 and the virtual machine identification information 117. The verification rules used in the verification rule table 500 held by the verification information holding module 1122 can be freely selected and used from the verification rule table 400 by the creator of the virtual machine code 121. Each virtual machine code 121 has its own unique rule. Verification can be performed.

Next, modules constituting the virtual machine execution code 115 will be described.
The verification value acquisition module 1151 is a module that searches the work information holding unit 118 for the address specified by the virtual machine verification module 1121 in the virtual machine code 121 and acquires the value held at the address.
The virtual machine code execution module 1154 is a module that executes the process defined by the code dependency processing module 1123 in the virtual machine code 121 while converting it into native code that depends on the platform.

Subsequently, the validity verification processing flow of the execution environment including the virtual machine will be described with reference to FIG.
First, when the virtual machine code 121 is activated in S202 of FIG. 2, the virtual machine verification module 1121 compares the virtual machine identification information 117 of the information holding unit 114 with the verification rule table 500 held by the verification information holding module 1122. Thus, the verification timing 402 to be used is detected. For example, assuming that the virtual machine identification information 117 is 0x0011ff0000011001, the following description will be given. Next, in S203, the following verification process is performed when the detected verification timing is reached.

First, the virtual machine code 121 specifies an address 401 corresponding to the verification timing 402, and requests verification information from the virtual machine (S301). For example, when menu 1 is displayed, the address 0x00ff0001 is designated and verification information is requested.
The virtual machine acquires the value held at the designated address 0x00ff0001 on the work information holding unit 118 (S302), and returns the value as verification information to the virtual machine code 121 (S303).

The virtual machine code 121 acquires the returned verification information (S304), verifies the verification information and the verification value 403 based on the verification rule 404, and passes the result to S205 in FIG. In this example, if the verification information is the same value as 0xed, the verification result is OK, otherwise it is NG.
This is the end of the description of the validity verification processing of the execution environment including the virtual machine.

  It should be noted that the address 402 may be a physical / logical address or a real / virtual address as long as a legitimate virtual machine can acquire information of the designated address. The virtual machine may not use the designated address as it is, but may obtain the verification information after converting the address into information suitable for the work information holding unit 118 based on the address map information. The address map information only needs to be able to indicate the corresponding area of the work information holding unit 118, and may be configured to manage correspondence not only statically but also dynamically.

In this embodiment, a data length of 1 byte is used as the data length of the verification value. However, the present invention is not limited to this.
In addition, the work information holding unit 118 does not need to be able to refer to all areas by the verification value acquisition module 1151, and some areas can be implemented so that reference is impossible, It is possible to improve resistance to unauthorized analysis of the mounting environment including it.

(Example of validation rule)
In the present embodiment, a value on the work information holding unit 118 is acquired and used as verification information. Values used as verification information and verification rules will be described below. However, the values are not limited to these, and any value that is developed on the work information holding unit 118 is a candidate for verification information.

(1) Information related to content For example, in the verification rule table 500 held by the verification information holding module 1122 in FIG. If it is, verification is OK. In this way, in an execution environment including a regular virtual machine, information related to the content is stored in a specific area on the work information holding unit 118 at a certain timing, so that when the virtual machine code 121 is actually executed, The validity can be evaluated by verifying whether the prescribed information exists in a specific area. Note that the address may be one address instead of range designation. Both address and verification timing depend on the execution environment including the virtual machine.

  In addition to the information described above, the file size and time stamp of an index file, a navigation file, and other files stored in the recording medium 102 can be used as information related to the content. Also, the number of playlists and play items stored in the recording medium 102, some or all values of the content hash table, some or all data of sound information when a certain button is clicked, hash of the index table Any information can be used as long as it is information related to the content, such as part or all of the value.

(2) Information Dependent on Execution Environment Including Virtual Machine For example, as shown in FIG. 6, a random number generation unit 601 is further added to the information processing apparatus 101 and the random number generation unit 601 is operated in accordance with an instruction from the virtual machine code 121 To do. Then, as in the verification rule table 500 held by the verification information holding module 1122 in FIG. 5, a random number is generated in the execution environment including the virtual machine when the disk is inserted, and stored in the address 0x00aa0010, and the virtual machine code 121 stores the value. Hold. After that, the random number is generated and stored again at the same address at the start of playback or at the time of user operation, and the virtual machine code 121 acquires the newly generated random number and changes the value compared to the previously held random number. If it is, the verification is OK. If an unauthorized virtual machine does not have a random number generation function or does not know where the random number is written, the verification is not OK. Note that if the random number seed has a different value for each execution environment including a virtual machine, such as an address and virtual machine identification information 117, the possibility of generating the same random number is reduced.

In addition, virtual machines have different resources such as memory used depending on the mounting state. Here, for example, if the vacant area of the work information holding unit 118 during execution of the virtual machine code 121 is within a specific value range, the verification may be OK. In this case, if the memory size being used is different in an environment where an unauthorized virtual machine operates, verification is not OK.
Other than the above, the information depending on the execution environment including the virtual machine includes a hash calculation value (for example, using a return value immediately before the virtual machine code), information related to the content, but information displayed for each information processing apparatus 101. Different information (for example, the number of menu buttons, the difference in sound and video that can be played back, etc.) can be used.

In this way, it is possible to use all values depending on functions, mounting states, and other information unique to the execution environment including the virtual machine for verification.
(3) Information Dependent on Time and Timing For example, a timer 701 is added to the information processing apparatus 101 as shown in FIG. The clocking unit 701 is mounted so as to clock the current time and write it in a specific area of the work information holding unit 118. Then, as in the verification table rule 500 held by the verification information holding module 1122 in FIG. 5, the virtual machine code 121 acquires and holds the current time from 0x00ee002 when the disk is inserted, and then the same address when the clip file is switched. The current time is acquired from the current time, compared with the previously held time, and if it increases, the verification is OK. In this case, since a validation rule is set that the value is not only changed but always increased, an unauthorized execution environment cannot be created without knowing this implementation.

Further, there is a case where fast-forwarding is prohibited during playback of a certain title. At the timing when the title is played back, information on prohibiting fast-forwarding is held in a specific area of the work information holding unit 118. In this case, when the corresponding title is reproduced, the current state in the specific area is checked, and if it is information indicating that fast-forwarding is prohibited, the verification is OK.
In addition to the above, information depending on time and timing includes system parameters and operation parameters related to the information processing apparatus 101, chapter number currently being played back, time information included in the stream being played back (for example, ATS) , PTS, PCR, etc.) can be used.

  Any information that changes with time or timing can be used for verification. However, even if the data changes with time and timing, if information with a very high transfer rate is targeted, such as content information itself (regardless of encryption state, decryption state, and before and after decoding), the predetermined timing Since it is difficult to accurately predict information in a memory based on a certain address even with a legitimate device, it is desirable to use information that can be substantially predicted by the player manufacturer. In particular, in the case of a rule that checks the memory multiple times and checks the change value for data that changes with time and timing, it is possible to check the information at the exact same timing as the setting timing and the checking timing. Although it is necessary to verify at an accurate timing, it is difficult in reality, so information that has a high transfer rate is not used, or the verification rule 404 that is determined as a valid device in the verification rule 404 may be loosened. desirable.

The verification rule table 500 held by the verification information holding module 1122 may be any combination of the above-described information, and a unique verification rule table 500 can be created for each execution environment including a virtual machine.
(Embodiment 2)
FIG. 8 is a diagram showing a system model of the storage medium and the information processing apparatus in Embodiment 2 of the present invention.

  As shown in FIG. 8, the storage medium 802 describes a command program 811 that defines the playback order and behavior at the time of user operation, clip file attributes, time search map, playlist, play item, and the like. Clip file related information 812, clip file 813 including content such as video and audio, verification code 814 for verifying the validity of the execution environment including the virtual machine, and secret information used when performing content restoration processing A code 815 includes a restoration information file 816 for generating actual restoration information in combination with secret information when performing restoration processing.

  The information processing apparatus 801 includes a command processing unit 822 that processes the command program 811, a module management unit 824 that receives user input and sends it to the user operation control unit 823, and manages a playback title in content, and a user A user operation control unit 823 that calls and controls a function corresponding to an operation from the playback control unit 827; a register 826 that holds a device state and a variable being processed; processing of a playlist and play item of clip file related information 812; Also, an execution environment including a virtual machine is executed by executing a function calling process from the command processing unit 822 and the user operation control unit 823, executing a playback control unit 827 for controlling the presentation processing unit 831, and a verification code 814. A verification processing unit 829 for verifying the legitimacy of content, and a content restoration processing Information is generated from the secret information code 815, the presentation processing unit 831 that controls the reproduction and display of content, and the restoration information file 816 and the restoration information to generate restoration information. And a restoration processing unit 832 that notifies the presentation engine of the restoration of the content. The command processing unit 822 and the user operation control unit 823 are referred to as an operation module 821, the register 826 and the playback control unit 827 are included as a playback control processing unit 825, and the verification processing unit 829 and the secret information calculation unit 830 are included. These are called virtual machines 828. The above configuration is an example, and a specific example of the information processing device 801 is a processing device including a BD drive, and is not limited to hardware implementation or software configuration. Hereinafter, the operation will be described with reference to the processing flows of FIG. 8, FIG. 9, and FIG.

FIG. 9 is a diagram illustrating operations of verification processing and content restoration processing in the information processing apparatus 101.
First, the verification processing unit 829 acquires the virtual machine identification information 903 held by the virtual machine 828 (S1001), and reads a part or all of the verification code 814 corresponding to the virtual machine identification information 903. The interrupt management information 904 is acquired and held (S1002). The interrupt management information 904 is information for determining the execution start location (PC: program counter) of the verification code 814 according to the playback location such as for each title, and describes the combination of the execution start location and the playback location. ing. The virtual machine identification information 903 is information for identifying a virtual machine, and is data composed of, for example, “information processing apparatus manufacturer ID + information processing apparatus model number + virtual machine version number”. The information is not limited to this as long as the information can uniquely identify the virtual machine. Further, a signature may be added to the virtual machine identification information 903 to check its validity.

Next, the module management unit 824 instructs the verification processing unit 829 to start verification processing, including the title number to be reproduced from now on (S1003).
Based on the title number included in the instruction, the verification processing unit 829 acquires the corresponding PC from the interrupt management information 904, and executes the verification code 814 from the acquired PC (S1004).

Next, the executed verification code 814 verifies the execution environment including the virtual machine with reference to the verification information memory 902 including the memory area to be referred to at the time of verification (S1005). Note that since the verification method described in Embodiment 1 can be used for details of the verification method, detailed description thereof is omitted here.
If the verification result is OK, the processing is continued as it is (S1006). In the case of NG, if the prescribed number of times has not been reached, the process is continued, but if the prescribed number of NG has been reached (S1007), part or all of the content and secret information code 815, or other processing By rewriting data at a specific location on the memory 901 that holds the data (S1008), the information processing apparatus 101 can be prevented from operating normally. Specifically, since the secret information calculation unit 830 holds the secret information code 815 or the secret information necessary for the restoration process in the memory 901 during reproduction, the restoration process can be performed by rewriting part or all of the code. The effect that the normal operation cannot be performed and the normal reproduction cannot be performed is obtained. The restoration process will be described later. In addition, since a part of the title being played back can be held in the memory 901, it is normal in an execution environment including an unauthorized virtual machine by rewriting part or all of the title on the memory 901 in the case of NG. The effect of making it impossible to reproduce is obtained. The information to be rewritten is not limited to the above, and the same effect can be obtained by rewriting information other than the above.

  Although the information on the memory 901 is rewritten when the verification result is NG, the present invention is not limited to this, and NG is notified to the module management unit 824, and playback is stopped by an instruction from the module management unit 824. May be. The secret information calculation unit 830 may be notified of NG and the calculation of the secret information may be stopped. Not limited to this, the NG may be notified to other components as long as the normal information cannot be reproduced. .

  Further, the verification processing start instruction in S1003 is generated every time the reproduction title is switched, and is generated irregularly, for example, when the title is changed by a user operation or the like. However, at the time of special reproduction such as fast-forwarding or rewinding, the contents of the verification information memory 902 may be changed before one verification process is completed, so that the verification process start instruction may not be issued. If there is a verification process start instruction including another title number during the current verification process (S1005 to S1007 is repeated), the current verification process is terminated and a new The verification code 814 corresponding to the correct title number is executed (re-executed from S1004).

  Further, the execution of the verification code 814 in S1004 may not be executed depending on the title number received in the verification start instruction in S1003. Specifically, the verification code 814 generation side does not include a title number that does not require execution of the verification code 814 in the interrupt management information 904, or a specific PC is set, and the PC's Sometimes there is a way to specify not to execute.

Further, the verification information memory 902 and the memory 901 may be physically different in the same memory. In addition, it is possible to set a reference prohibition or rewrite prohibition area, respectively, and it is possible to obtain an effect of preventing malfunction and increasing resistance to unauthorized analysis.
(Restore process)
The restoration process includes the following methods.

  As shown in FIGS. 8 and 9, first, the secret information calculation unit 830 reads the secret information code 815 to acquire and hold the secret information calculation interrupt management information 905. The secret information calculation interrupt management information 905 is information for determining the execution start position (secret information PC: program counter) of the secret information code 815 for each play item number, for example, the play item number and the secret. The correspondence of the information PC is described.

The restoration processing unit 832 reads and holds part or all of the restoration information file 816.
The reproduction control unit 827 manages which position of which play item is currently being reproduced. When a certain play item is reproduced, for example, every 10 seconds, the play item number and the period information indicating the number of period are displayed. The secret information calculation unit 830 is notified. In addition, you may notify not what number period but how many seconds. Further, the notification timing is not 10 seconds, but may be notified periodically or irregularly, such as every second or every play item switching. The notification timing information may be included in the secret information code 815 and the reproduction control unit 827 may acquire the timing information from the secret information code 815.

Next, the secret information calculation unit 830 acquires the secret information PC from the secret information calculation interrupt management information 905 based on the notified play item number, and executes the secret information code 815 from the corresponding location.
The executed secret information code 815 calculates appropriate secret information for the period based on the period information, and notifies the restoration processing unit 832 of the secret information.

The restoration processing unit 832 obtains restoration information suitable for the playback location from the restoration information file, decrypts the secret information using XOR (Exclusive OR) calculation, etc., and presents the decrypted restoration information as a presentation. The processing unit 831 is notified.
The presentation processing unit 831 performs XOR calculation on the restoration position data included in the restoration information and the restoration data included in the restoration information, and overwrites them. The restoration position may be information that can uniquely identify the restoration position, such as the number of packets from the beginning of the clip file, read time information, and reproduction time information attached to the packets.

  The modified content can be restored as described above, and can be normally played back. Thus, for example, if the verification process is NG, the secret information calculation unit 830 rewrites part or all of the area on the memory 901 so that correct secret information cannot be acquired and is normal. It is possible to prevent proper reproduction. Note that it is sufficient to rewrite the data area necessary for calculating the secret information, such as the secret information code 815 or a part or all of the secret information.

Although the play item number is used, any information can be used as long as the currently reproduced position such as the title number, play list number, play item number, and combinations thereof can be uniquely identified.
In addition, the presentation processing unit 831 performs an XOR calculation between the restoration position data and the restoration data and overwrites it. However, the restoration processing unit 832 directly notifies the clip file held on the memory 901 without notifying the restoration information. Referring to, XOR calculation and overwriting may be performed.

  Although the restoration information file 816 includes the restoration information, the restoration information can be multiplexed in the stream of the clip file 1113 as shown in FIG. Specifically, the restoration information is stored in a PMT or a unique packet and multiplexed into a stream such as video or audio. In this case, the restoration processing unit 1132 can obtain a packet including restoration information from the stream being reproduced, and obtain the restoration information. Other configurations are the same as those in FIG.

  The restoration information includes the relative number of packets from the packet including the restoration information, the restoration position indicating which byte data of the packet is restored, the restoration position data, and the restoration data for XOR calculation. Yes. The restoration processing unit 1132 uses the secret information notified from the secret information calculation unit 830 to decode the restoration information by XOR calculation or the like, and performs XOR calculation of the restoration position data and the restoration data based on the decoded restoration information. Thus, the modified content can be restored by overwriting the result in the restoration position.

As described above, it is possible to perform the restoration process by multiplexing the restoration information on the clip file stream instead of the file, but the secret information calculation unit 830 may perform the same process.
Note that the restoration processing unit 1132 may notify the presentation processing unit 1131 of the decoded restoration information. In this case, the presentation processing unit 1131 performs XOR calculation on the restoration position data and the restoration data based on the restoration information. If the data at the restoration position is overwritten, the restoration process can be performed.

In addition, although XOR is used for restoration processing and restoration information decoding, the present invention is not limited to this, and any calculation such as AES (Advanced Encryption Standard) and DES (Data Encryption Standard) may be used.
FIG. 12 is a generalized configuration of the verification process and the restoration process shown in FIGS. 8 and 11, and the components other than the virtual machine 1228 and the restoration processing unit 1232 are general disk playback systems. It is a model. In other words, the implementation for realizing the verification process and the restoration process of the present application is characterized in that it can be implemented with almost no need to change a general disc playback system model.

  In the present embodiment, the description has been made such that the verification processing unit 832 directly reads the verification code 814 and the secret information calculation unit 830 directly reads the secret information code 815. However, the present invention is not limited to this. It may be obtained via an element. The verification code 814 and the secret information code 815 may be described so as to be included in other information on the storage medium 802 such as the command program 811 and the clip file related information 812.

In addition, each notification such as restoration information and interrupt information can be notified via a general calculation register (not shown) or via the memory 901, but this is not restrictive.
Although the interrupt management information 904 is acquired from the verification code 814, it may be a separate file or described in other information on the storage medium 802. Similarly, the secret information calculation interrupt management information 905 may be a separate file or described in other information on the storage medium 802.

(Other variations)
Although the present invention has been described based on the above embodiment, it is needless to say that the present invention is not limited to the above embodiment. The following cases are also included in the present invention.
(1) The information processing apparatus is specifically a computer system including a microprocessor, ROM, RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like. A computer program is stored in the RAM or hard disk unit. The information processing apparatus achieves its functions by the microprocessor operating according to the computer program. Here, the computer program is configured by combining a plurality of instruction codes indicating instructions for the computer in order to achieve a predetermined function.

  (2) A part or all of the constituent elements constituting the information processing apparatus may be configured by a single system LSI (Large Scale Integration). The system LSI is an ultra-multifunctional LSI manufactured by integrating a plurality of components on a single chip, and specifically, a computer system including a microprocessor, ROM, RAM, and the like. . A computer program is stored in the RAM. The system LSI achieves its functions by the microprocessor operating according to the computer program.

  In this case, the LSI manufacturer and the information processing device manufacturer may be different. At this time, for example, the LSI manufacturer provides and implements functions that can be used for verification, such as a random number generation function and a clocking function, so that the information processing apparatus manufacturer defines verification rules and verification addresses suitable for the device to be manufactured. can do. Therefore, the LSI manufacturer can reduce the cost for defining and managing the verification rule for each LSI, and the information processing apparatus manufacturer can freely define the verification rule for each version of the device to be manufactured.

  (3) Part or all of the constituent elements constituting the information processing apparatus may be configured as an IC card that can be attached to and detached from the information processing apparatus or a single module. The IC card or the module is a computer system including a microprocessor, a ROM, a RAM, and the like. The IC card or the module may include the super multifunctional LSI described above. The IC card or the module achieves its function by the microprocessor operating according to the computer program. This IC card or this module may have tamper resistance.

(4) The present invention may be the method described above. Further, the present invention may be a computer program that realizes these methods by a computer, or may be a digital signal composed of the computer program.
The present invention also provides a computer-readable recording medium such as a flexible disk, hard disk, CD-ROM, MO, DVD, DVD-ROM, DVD-RAM, BD (Blu-ray Disc). ), Recorded in a semiconductor memory or the like. The digital signal may be recorded on these recording media.

In the present invention, the computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, a data broadcast, or the like.
The present invention may be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program.

In addition, the program or the digital signal is recorded on the recording medium and transferred, or the program or the digital signal is transferred via the network or the like, and executed by another independent computer system. It is good.
(5) The above embodiment and the above modifications may be combined.
(6) The present invention is a verification method used in an information processing apparatus for executing processing related to content reproduction by a virtual machine included therein, and reads out a verification program recorded on a recording medium together with the content And a verification step of verifying the validity of the information processing apparatus including the virtual machine by executing the verification program by the virtual machine.

Here, the “reading step” corresponds to the process of S202 of FIG. 2 described in the first embodiment.
The “verification step” corresponds to the process of S204 in FIG. 2 described in the first embodiment.
(7) In Modification (6), the verification step includes an acquisition step in which the verification program acquires, as verification information, a value held at a predetermined memory address of the information processing apparatus, and the acquisition A determination step in which the verification program determines whether or not the information processing apparatus is valid based on the verification information acquired in the step.

Here, the “acquisition step” corresponds to the processing of S301 and S304 of FIG. 3 described in (Embodiment 1).
In addition, the “determination step” includes, for example, “virtual machine code 121 obtains the returned verification information (in the first embodiment) described in (Validity verification of execution environment including virtual machine) ( S304), the verification information and the verification value 403 are verified based on the verification rule 404, and the result is passed to S205 in Fig. 2. In this example, if the verification information is the same value as 0xed, the verification result is OK, Otherwise, it is NG ”.

(8) In Modification (7), the recording medium further records a reproduction-related program that is executed on the virtual machine and includes a processing procedure related to reproduction of the content, and the verification method includes Further, when the information processing apparatus is illegal as a result of verification, a suppression step of suppressing execution of a processing procedure related to reproduction of the content may be included.
Here, “a reproduction-related program executed on the virtual machine and including a processing procedure related to the reproduction of the content” refers to the command program 811 and the clip file described in FIG. 8 in (Embodiment 2). Corresponding to related information 812, clip file 813, verification code 814, secret information code 815, and restoration information file 816.

Further, the “suppression step” corresponds to the case where S1006 of FIG. 10 described in (Embodiment 2) is NG and the processing of S1008.
(9) Further, in the modification (8), the content is modified so that it can be restored by a predetermined restoration process, and the processing procedure relating to the reproduction of the content includes the transformed content as the restoration process. The suppression step may include suppressing the execution of the restoration process.

Here, “predetermined restoration processing” and “procedure for restoring the deformed content by the restoration processing” correspond to the processing described in (restoration processing) of (Embodiment 2). For example, this corresponds to the processing performed by the secret information code 815, the restoration processing unit 832, and the presentation processing unit 831.
Further, “the suppression step suppresses the execution of the restoration process” means that “the content modified as described above can be restored and reproduced normally in the above (restoration process)”. Therefore, for example, if the above detection process is NG, rewriting part or all of the area on the memory 901 used by the secret information calculation unit 830 prevents correct secret information from being acquired, It is possible to prevent normal reproduction from being performed, ”and the like.

(10) In Modification (7), the verification information may be information that changes according to timing.
Here, the “information that changes depending on the timing” refers to “the time and timing in this way” in (3) information that depends on time and timing in (Example of verification rule) in (Embodiment 1). Any information that changes can be used for verification. "

(11) In Modification (7), the verification information may be information related to the content to be reproduced.
Here, “the information related to the content to be played” particularly corresponds to the description described in (1) Information related to content in (Example of verification rule) in (Embodiment 1).
(12) In Modification (7), the verification information may be information depending on an execution environment including the virtual machine.

Here, “information dependent on an execution environment including the virtual machine” is described in (2) Information dependent on an execution environment including a virtual machine in (Example of verification rule) in (Embodiment 1). Corresponds to the description.
(13) In Modification (7), a verification value and a verification rule are further recorded in association with each other on the recording medium, and the determination step includes the verification acquired in the acquisition step. A comparison step of comparing information and the verification value recorded on the recording medium based on the verification rule associated with the verification value, and the determination step includes the verification as a result of the comparison When the rule is satisfied, it may be determined that the information processing apparatus is valid.

Here, the “verification value” corresponds to the verification value 403 described with reference to FIG. 5 in (Embodiment 1).
The “verification rule” corresponds to the verification rule 404.
The “comparison step” and the “judgment step” are described in (Embodiment 1) described in (Validity verification of execution environment including virtual machine). Information is acquired (S304), the verification information and the verification value 403 are verified based on the verification rule 404, and the result is passed to S205 in Fig. 2. In this example, if the verification information is the same value as 0xed, the verification result Corresponds to the processing described as “OK is OK, otherwise NG”.

  (14) In Modification (13), the obtaining step includes a requesting step for requesting a value held at the predetermined memory address at the timing of verification, and the verification method further includes the request In response to the request by the step, the step of reading the value held in the predetermined memory address, and returning the read value as the verification information to the verification program, the acquisition of the acquisition step, The verification information returned in response to the request may be acquired, and the comparison step may perform the comparison using the verification information acquired by the response.

Here, the “request step” corresponds to S301 in FIG. 3 described in the first embodiment.
The “reply step” corresponds to S303 in FIG. 3 described in the first embodiment.
(15) In Modification (13), the recording medium further includes a plurality of verification values recorded in association with the verification timing, and the comparison step includes the verification timing at the verification timing. The comparison is performed using the obtained verification information, the verification value associated with the verification timing and the verification rule, and the determination step is repeated each time the verification timing comes A repetition step to be executed, and a determination step of determining that the information processing apparatus is illegal when the verification information and the verification value do not satisfy the verification rule more than a predetermined number of times as a result of the repetition. Also good.

Here, “verification timing” corresponds to the verification timing 402 of FIG. 5 described in the first embodiment.
Further, the “repetition step” particularly corresponds to the processing when S203, S204, S205, and S207 are NO and S208 is NO described in (Embodiment 1).
Further, the “determination step” corresponds to the processing in the case where S208 is YES.

(16) In Modification (13), each of the plurality of verification values is recorded in the recording medium in association with identification information for uniquely identifying the virtual machine, and the comparison step The comparison may be performed using a verification value corresponding to identification information of a virtual machine included in the information processing apparatus.
Here, the “identification information” corresponds to the virtual machine identification information 117 of FIG. 5 described in the first embodiment.

  (17) In Modification (7), a verification timing and a verification rule are further recorded in association with each other on the recording medium, and the information processing apparatus further performs the processing at a predetermined timing. Storage means for storing, as comparison information, a value held at a predetermined memory address, wherein the obtaining step uses the value held at the predetermined memory address at the verification timing as the verification information; And the determination step includes a comparison step of comparing the verification information acquired at the timing of the verification with the comparison information stored in the storage unit based on the verification rule. The step may perform the determination as to whether the information processing apparatus is valid based on the result of the comparison.

  (18) In Modification (17), the obtaining step includes a requesting step for requesting a value held at the predetermined memory address at the verification timing, and the verification method further includes: In response to the request from the request step, the method includes a reply step of reading a value held at the predetermined memory address and returning the read value to the verification program as the verification information. The verification information returned in response to the request may be acquired, and the comparison step may perform the comparison using the verification information acquired by the response.

  Here, the “storage means” is, for example, “and the verification information holding of FIG. 5 in (2) Information dependent on the execution environment including the virtual machine in (Example of verification rule) in (Embodiment 1). Like the verification rule table 500 held by the module 1122, a random number is generated in the execution environment including the virtual machine when the disk is inserted, and stored in the address 0x00aa0010 ”.

  In addition, the “acquisition step”, “comparison step”, and “determination step” are “replay after that” in (2) information dependent on the execution environment including the virtual machine in (example of verification rule) in (embodiment 1). The random number is generated and stored again at the same address at the start or at the time of user operation, and the virtual machine code 121 acquires the newly generated random number and the value is changed compared to the previously held random number. Based on the description of “Verification OK”.

The “request step” corresponds to S301 in FIG. 3 described in the first embodiment.
The “reply step” corresponds to S303 in FIG. 3 described in the first embodiment.
(19) Further, in Modification (17), the information processing apparatus further includes a random number generation unit that generates a random number, and the verification method further includes the random number generation unit at each verification timing. Generating a random number, and holding the generated random number at the predetermined address, and the obtaining step reads out the random number held by the random number holding step at the verification timing The verification information may be acquired, and the determining step may determine that the information processing apparatus is valid when the verification information is different from the comparison information as a result of the comparison. .

Here, the “random number generation unit” corresponds to the random number generation unit 601 in FIG. 6 described in (Embodiment 1).
Further, the “random number holding step” and the “judgment step” are “and the verification in FIG. As in the verification rule table 500 held by the information holding module 1122, a random number is generated in the execution environment including the virtual machine when the disk is inserted, and stored in the address 0x00aa0010. Then, the random number is generated and stored again, and the virtual machine code 121 acquires the newly generated random number, and if the value is changed compared to the previously held random number, the verification is OK. Corresponds to the description.

(20) In addition, in Modification (19), the random number generation unit may perform the generation based on information that depends on an execution environment including the virtual machine.
Here, the “random number generation unit” is the “random number seed” in (2) information dependent on the execution environment including the virtual machine in (Example of verification rule) in (Embodiment 1). If different values are set for each execution environment including virtual machines, such as the virtual machine identification information 117, the possibility of generating the same random number is reduced. "

  (21) In Modification (17), the information processing apparatus further includes a time measuring unit that measures time and writes the time to the predetermined memory address, and the storage unit stores the predetermined memory at a predetermined timing. The time written in the address is stored as comparison information, and the obtaining step reads the time written in the predetermined memory address at the verification timing to read the time in the verification information. The determination step determines that the information processing apparatus is valid when the time indicated in the verification information is greater than the time indicated in the comparison information as a result of the comparison. It is good to do.

Here, the “timer” corresponds to the timer 701 in FIG. 7 described in the first embodiment.
The “storage means”, “acquisition step”, and “determination step” are “and verification in FIG. Like the verification table rule 500 held by the information holding module 1122, the virtual machine code 121 acquires and holds the current time from 0x00ee002 when the disk is inserted, and then acquires the current time from the same address when the clip file is switched. In comparison with the time held last time, if it increases, the verification is OK ”.

  (22) Further, the present invention is an information processing apparatus that executes processing related to reproduction of content recorded in a recording medium and includes a virtual machine therein, the recording medium including the virtual machine on the virtual machine When executed, a verification program for verifying the validity of the information processing apparatus is recorded. The information processing apparatus includes a reading unit that reads the verification program from the recording medium; Accepting means for accepting a request for a value held at the timing of verification from the verification program to the memory address, and receiving the request, reads the value held at the predetermined memory address, and reads the read value to the memory address It is also an information processing apparatus including reply means for replying to the verification program.

  The present invention also provides an integrated circuit that is mounted on an information processing apparatus that executes processing related to reproduction of content recorded on a recording medium and includes a virtual machine. A verification program for verifying the validity of the information processing apparatus is recorded by being executed on the machine, and the integrated circuit reads out the verification program from the recording medium; and A receiving means for receiving a request for a value held at a predetermined memory address at the timing of verification from the verification program; and when receiving the request, the value held at the predetermined memory address is read and the read value It is also an integrated circuit provided with a reply means for sending back to the verification program.

Here, the “verification program” corresponds to the virtual machine verification module 1121 shown in FIG.
The “reading unit” corresponds to the disk reading unit 111 shown in FIG.
Further, the “accepting unit” and the “reply unit” are realized by the virtual machine execution unit 113 reading, decoding, and executing an instruction code included in the virtual machine execution code 115.

  Further, the present invention is a recording medium that records a verification program that executes processing related to content reproduction and verifies the validity of an information processing device that includes a virtual machine. An acquisition step of acquiring a value held at a predetermined memory address of the information processing device as verification information, and whether or not the information processing device is valid based on the verification information acquired by the acquisition step It is also a recording medium that includes a determination step for determining.

  The present invention also provides a verification program for executing processing related to reproduction of content recorded on a recording medium and causing the information processing device to execute processing for verifying the validity of the information processing device including a virtual machine. The information processing device is validated based on an acquisition step of acquiring, as verification information, a value held at a predetermined memory address of the information processing device, and the verification information acquired by the acquisition step. It is also a verification program including a determination step for determining whether or not.

Here, the “acquisition step” corresponds to the processing of S301 and S304 of FIG. 3 described in (Embodiment 1).
In addition, the “determination step” includes, for example, “virtual machine code 121 obtains the returned verification information (in the first embodiment) described in (Validity verification of execution environment including virtual machine) ( S304), the verification information and the verification value 403 are verified based on the verification rule 404, and the result is passed to S205 in Fig. 2. In this example, if the verification information is the same value as 0xed, the verification result is OK, Otherwise, it is NG ”.

(23) Further, the present invention may be configured as follows.
(23-1) The present invention is an information processing method for executing virtual machine code using a virtual machine, the step of verifying the validity of an execution environment in which the virtual machine code includes a virtual machine, And a step of stopping the processing of the virtual machine code when it is determined that the execution environment including the virtual machine is illegal.

  (23-2) In the information processing method according to the modification (23-1), the verification step further includes a step in which the virtual machine code requests acquisition of information held by an execution environment including the virtual machine; The virtual machine code providing the information to the virtual machine code, the virtual machine code comparing the information with the verification information held by the virtual machine code, and a rule defined by the virtual machine code And verifying legitimacy based on.

(23-3) Further, in the above modification (23-2), the information may be information related to content processed in an execution environment including the virtual machine.
(23-4) In the above modification (23-2), the information may be information depending on an execution environment including the virtual machine.
(23-5) In the above modification (23-2), the information may be information that dynamically changes depending on the execution environment including the virtual machine and the state of the content.

(23-6) Moreover, the present invention causes a computer to execute the steps included in the information processing method described in any of the above-described modified examples (23-1) to (23-5). It is also a program.
(23-7) Moreover, the present invention causes a computer to execute the steps included in the information processing method described in any of the above-described modified examples (23-1) to (23-5). It is also a computer-readable recording medium on which the program is recorded.

  The information processing method according to the present invention can be used in an information processing apparatus that uses a virtual machine and executes a platform-independent program, and security is required for a program that runs on the virtual machine, such as a copyright protection program. This is useful when

  The present invention relates to a device that uses a virtual machine for program execution, and more particularly, to a technique for determining the legitimacy of a platform on which a virtual machine is mounted and eliminating the platform when the platform is illegal.

  In recent years, virtual machines have been used to run programs without depending on platforms such as OS and CPU. Generally, a virtual machine is implemented by software, and information necessary for implementation such as an interface is disclosed, so anyone can implement a virtual machine.

Therefore, by improperly mounting a virtual machine, it is possible to cause a program running on the virtual machine to perform an illegal operation instead of a normal operation. When the program is a program that protects the copyright of content such as a movie, for example, the content is illegally reproduced.
In view of the above problems, an object of the present invention is to provide an information processing method by which a program can verify that a virtual machine that operates itself is normally installed.

  In order to solve the above problems, the present invention is a verification method used in an information processing apparatus for executing processing related to content reproduction by a virtual machine included therein, and is recorded on a recording medium together with the content A verification method comprising: a reading step of reading a verification program; and a verification step of verifying the validity of the information processing apparatus including the virtual machine by executing the verification program by the virtual machine. To do.

By using the verification method described above, the verification program can verify whether or not the virtual machine that operates itself is properly implemented.
The verification step is based on the acquisition step in which the verification program acquires, as verification information, a value held at a predetermined memory address of the information processing apparatus, and the verification information acquired by the acquisition step. Thus, the verification program may determine whether the information processing apparatus is valid.

In the verification method described above, the information processing apparatus is verified using a value held at a predetermined memory address.
Therefore, a virtual machine cannot be implemented without knowing the memory address that holds the value for verification. This makes it difficult for an unauthorized third party who does not know the memory address to mount an unauthorized virtual machine.

The recording medium further records a reproduction-related program that is executed on the virtual machine and includes a processing procedure related to reproduction of the content. The verification method further includes the information processing as a result of the verification. When the device is illegal, it may include a suppression step for suppressing execution of the processing procedure related to the reproduction of the content.
As a result, it is possible to prevent content reproduction from being executed in an unauthorized virtual machine.

Further, the content is modified so that it can be restored by a predetermined restoration process, and the processing procedure relating to the reproduction of the content includes a procedure for restoring the transformed content by the restoration process, and the suppressing step May suppress the execution of the restoration process.
Thereby, for example, when the content is deformed for the purpose of copyright protection or the like, it is possible to prevent the content restoration processing from being executed in an unauthorized virtual machine.

The verification information may be information that changes according to timing.
According to the verification method described above, information that changes depending on the timing is used as verification information, so that even if a fraudulent analyst can identify the memory address that holds the verification information, the value of valid verification information must be specified. Becomes difficult.
Therefore, it becomes difficult to illegally implement an execution environment in which an unauthorized third party can pass verification by the verification program.

The verification information may be information related to the content to be reproduced.
According to the verification method described above, the verification program verifies the legitimacy of the information processing apparatus based on the information regarding the content to be reproduced.
Thereby, the verification program can verify whether or not the content to be reproduced is content to be used with the verification program.

Therefore, the above-described verification method allows, for example, an unauthorized third party to copy a valid verification program and pass the verification of the other content by reading the copied verification program when reproducing the other content. It is also possible to prevent fraud that causes
The verification information may be information depending on an execution environment including the virtual machine.

Thereby, the verification program can verify whether the execution environment for executing the verification program is an execution environment implemented by an unauthorized third party who does not know the valid verification information.
Further, a verification value and a verification rule are recorded in association with each other on the recording medium, and the determination step is recorded on the recording medium and the verification information acquired by the acquisition step. The information processing apparatus includes a comparison step of comparing the verification value with the verification rule associated with the verification value, and the determination step satisfies the verification rule as a result of the comparison May be determined to be valid.

This makes it difficult for an unauthorized third party who does not know the verification value and the verification rule to mount an unauthorized virtual machine.
The obtaining step includes a requesting step for requesting a value held at the predetermined memory address at a verification timing, and the verification method further includes the predetermined step in response to the request by the requesting step. A return step of reading the value held at the memory address of the received information and returning the read value to the verification program as the verification information, wherein the acquisition of the acquisition step includes the return of the response to the request It is acquisition of verification information, and the comparison step may perform the comparison using the verification information acquired by the reply.

  Further, a plurality of the verification values are recorded in the recording medium in association with the verification timing, and the comparison step includes the verification information acquired at the verification timing and the verification timing. The comparison is performed using the verification value and the verification rule that are associated with each other, and the determination step includes a repetition step of repeatedly executing the comparison step every time the verification timing is reached, and a result of the repetition And a determination step of determining that the information processing apparatus is illegal when the verification information and the verification value do not satisfy the verification rule a predetermined number of times or more.

In the verification method described above, when the verification rule is not satisfied a predetermined number of times or more, the information processing apparatus is determined to be illegal, so that the verification accuracy can be improved.
In addition, each of the plurality of verification values is recorded in the recording medium in association with identification information that uniquely identifies the virtual machine, and the comparison step includes virtual information included in the information processing apparatus. The comparison may be performed using a verification value corresponding to the identification information of the machine.

As a result, verification can be performed using different verification values for each virtual machine.
The recording medium further records a verification timing and a verification rule in association with each other, and the information processing apparatus further stores a value held at the predetermined memory address at a predetermined timing. Is stored as comparison information, and the acquisition step acquires the value held at the predetermined memory address at the verification timing as the verification information, and the determination step includes: A comparison step of comparing the verification information acquired at the verification timing with the comparison information stored in the storage unit based on the verification rule, and the determination step is based on the result of the comparison The determination as to whether the information processing apparatus is valid may be made.

  Further, the obtaining step includes a requesting step for requesting a value held at the predetermined memory address at the timing of the verification, and the verification method further includes the requesting step according to the request by the requesting step. A reply step of reading a value held at a predetermined memory address and returning the read value to the verification program as the verification information, wherein the acquisition of the acquisition step is the reply to the request The verification information may be acquired, and the comparison step may perform the comparison using the verification information acquired by the reply.

  Further, the information processing apparatus further includes a random number generation unit that generates a random number, and the verification method further causes the random number generation unit to generate a random number every time the verification timing comes. Including the random number holding step of holding the verification information at the predetermined address, and the acquiring step performs the acquisition of the verification information by reading the random number held by the random number holding step at the verification timing, The determination step may determine that the information processing apparatus is valid when the verification information is different from the comparison information as a result of the comparison.

This makes it difficult for an unauthorized third party who does not know the implementation of using a random number to verify the validity of the information processing apparatus to implement an unauthorized virtual machine.
The random number generation unit may perform the generation based on information depending on an execution environment including the virtual machine.
This reduces the possibility that the random number generation unit generates the same random number in each execution environment when the execution environments are different.

  Further, the information processing apparatus further includes a time measuring unit that measures time and writes the time to the predetermined memory address, and the storage unit compares the time written to the predetermined memory address at a predetermined timing. The acquisition step performs the acquisition of the verification information by reading the time written in the predetermined memory address at the timing of the verification, and the determination step includes: As a result of the comparison, when the time indicated in the verification information is increased from the time indicated in the comparison information, the information processing apparatus may determine that the information processing apparatus is valid.

Thereby, it is possible to make it difficult for an unauthorized third party who does not know the implementation to use time to verify the validity of the information processing apparatus to implement an unauthorized virtual machine.
An information processing apparatus that executes processing related to reproduction of content recorded on a recording medium and includes a virtual machine therein, wherein the recording medium is executed on the virtual machine, A verification program for verifying the validity of the information processing apparatus is recorded, and the information processing apparatus reads the verification program from the recording medium and a verification timing at a predetermined memory address of the information processing apparatus. Receiving means for receiving a value request held in the verification program from the verification program, and reply means for reading the value held in the predetermined memory address and returning the read value to the verification program when the request is received It is good also as providing.

  Further, the integrated circuit is mounted on an information processing apparatus that executes a process related to reproduction of content recorded on a recording medium and includes a virtual machine, and the recording medium is executed on the virtual machine. As a result, a verification program for verifying the validity of the information processing apparatus is recorded, and the integrated circuit reads out the verification program from the recording medium, and a predetermined memory address of the information processing apparatus Receiving means for receiving a request for a value held at the timing of verification from the verification program; reading the value held at the predetermined memory address when receiving the request; and reading the read value into the verification program It is good also as providing the reply means which replies to.

  Further, the recording medium stores a verification program for executing processing related to content reproduction and verifying the validity of the information processing apparatus including the virtual machine, and the verification program is stored in the information processing apparatus. An acquisition step of acquiring a value held at a predetermined memory address as verification information, and a determination of whether or not the information processing apparatus is valid based on the verification information acquired by the acquisition step It is good also as including a step.

  Further, a verification program for executing processing related to reproduction of content recorded in a recording medium and causing the information processing device to execute processing for verifying the validity of the information processing device including a virtual machine therein, Based on the acquisition step of acquiring, as verification information, a value held at a predetermined memory address of the information processing device, and whether or not the information processing device is valid based on the verification information acquired by the acquisition step And a determination step for determining whether or not.

As described above, according to the present invention, there is an effect that it is possible to provide an information processing method capable of verifying that a virtual machine that operates itself is normally mounted by a program.

The best mode for carrying out the invention will be described below with reference to the drawings.
(Embodiment 1)
A recording medium and an information processing apparatus according to an embodiment of the present invention will be described with reference to FIG.
The recording medium 102 stores a virtual machine code 121 that is a program that operates on the virtual machine. An example of implementation of the recording medium 102 is a BD (Blu-ray Disc), but is not limited thereto. Further, the virtual machine code 121 includes a virtual machine verification module 1121, a verification information holding module 1122, and a code dependence processing module 1123. Details of each module will be described later.

  The information processing apparatus 101 is an apparatus that executes a virtual machine code 121 using a virtual machine. As illustrated in FIG. 1, a disk reading unit 111, a user operation reception unit 112, a virtual machine execution unit 113, an information holding unit 114 and a work information holding unit 118. The virtual machine is software that converts a program implemented as the virtual machine code 121 into a native code for the platform and executes it in order to operate the program without depending on a platform such as a CPU or OS. Specifically, for example, the virtual machine is a Java (registered trademark) virtual machine, and the virtual machine code 121 is a Java (registered trademark) byte code, but is not limited thereto.

  As an implementation example of the information processing apparatus 101, a computer system including a CPU, work memory, flash memory, BD drive, and remote controller, the disk reading unit 111 is a BD (Blu-ray Disc) drive, The information holding unit 114 is a flash memory, the user operation receiving unit 112 is a remote controller, the work information holding unit 118 is a work memory, and the virtual machine execution unit 113 is software that operates using a CPU and a work memory. Although there is a configuration method, the configuration is not limited to software configuration such as hardware implementation. Other implementations are not limited to this.

The information holding unit 114 holds a virtual machine execution code 115 and virtual machine identification information 117. The virtual machine execution code 115 is software, and includes a verification value acquisition module 1151 and a virtual machine code execution module 1154. Details of each module will be described later.
The virtual machine identification information 117 is information for identifying a virtual machine, and is, for example, 8-byte data including “information processing apparatus manufacturer ID + information processing apparatus model number + virtual machine version number”. However, the information is not limited to this as long as the information can uniquely identify the virtual machine.

  Here, creation of verification information will be described. The provider of the regular virtual machine execution code 115 submits a verification rule table and virtual machine identification information 117 specific to each virtual machine as shown in FIG. 4 to the virtual machine management organization. The verification rule table may be a verification rule table or identification information for each playback device in which a virtual machine is mounted. The virtual machine management organization provides the virtual machine code implementer with a regular virtual machine verification rule table and virtual machine identification information 117. The implementer of the virtual machine code creates verification information based on this. FIG. 4 is a verification rule table specific to each virtual machine (each playback device). For example, an address 401 used for verification, a verification timing 402 indicating when to verify, and what value the address 401 has at that time A verification value 403 indicating whether the verification is taken, a verification rule 404 indicating the verification is successful in what state the value is. As shown in FIG. 4, the address 401 represents a specific address or a specific address range. The verification rule table is not limited to the table configuration as shown in FIG.

  In the present embodiment, a BD is assumed as the recording medium 102, and the virtual machine code 121 recorded therein is taken into the information processing apparatus 101 by the disk reading unit 111. However, the present invention is not limited to this. For example, the virtual machine code 121 may be imported into the information processing apparatus 101 by other methods such as replacing the disk reading unit 111 with the Internet connection unit and capturing the virtual machine code 121 into the information processing apparatus 101 via the Internet.

This completes the description of the recording medium and the information processing apparatus according to the embodiment of the present invention.
(Virtual machine code execution)
Next, execution of virtual machine code in the information processing apparatus 101 will be described with reference to FIG.

First, the information processing apparatus 101 starts processing upon receiving an instruction to execute the virtual machine code 121 on the recording medium 102 through the user operation receiving unit 112.
When the execution of the virtual machine code 121 is instructed, the virtual machine execution unit 113 loads the virtual machine execution code 115 from the information holding unit 114 and starts the virtual machine (S201).

Next, the virtual machine code 121 is read from the recording medium 102 through the disk reading unit 111, and the virtual machine execution unit 113 activates the virtual machine code 121 on the virtual machine (S202).
Whether the virtual machine code 121 started on the virtual machine is the verification timing 402 of the validity of the execution environment including the virtual machine executing itself using the virtual machine verification module 1121 and the verification information holding module 1122 A check is performed (S203).

If it is the verification timing 402, the validity of the execution environment including the virtual machine is verified (S204). Details of this processing will be described later.
The verification result of S204 is determined (S205), and in the case of NG, it is confirmed whether the number of NG has reached the specified number (S208). Here, when NG is equal to or greater than the specified number of times, the virtual machine code 121 is mounted so as to end its own execution, and therefore ends its execution.

If NG has not reached the specified number in S208, the process starts again from S203. The prescribed number of times may be one time or a plurality of times, and the effect of improving the accuracy of verification can be obtained by using a plurality of times.
If the verification result is OK in S205, the code dependency processing defined by the code dependency processing module 1123 in the virtual machine code 121 is executed (S206). The code-dependent processing module 1123 defines different processes for each virtual machine code 121. For example, as a copyright protection process for the content 122 such as a movie recorded separately on the recording medium 102, a decryption process for the content 122 is performed. Yes, but not limited to this.

When the code-dependent processing is finished, the execution of the virtual machine code 121 is finished (S207).
This is the end of the description of the execution of the virtual machine code 121 in the information processing apparatus 101.
(Verification of execution environment including virtual machines)
Details of the validity verification processing of the execution environment including the virtual machine will be described. This process is a process for verifying whether or not the execution environment including the virtual machine that executes the virtual machine code 121 is genuine.

  The virtual machine execution code 115 can be implemented by anyone because information necessary for the implementation such as the interface and processing contents is disclosed. For this reason, if it is not the regular virtual machine execution code 115, an illegal operation may be performed when the virtual machine code 121 is executed, and the processing of the virtual machine code 121 may not be performed correctly. For example, if the virtual machine code 121 is a program that protects the copyright of the content 122 such as a movie that is separately recorded on the recording medium 102, the content 122 is illegally reproduced and the copyright cannot be protected. The execution environment including the virtual machine needs to be verified.

  The modules constituting the virtual machine code 121 will be described. The virtual machine verification module 1121 is a module that verifies whether the execution environment including the virtual machine that executes the virtual machine is legitimate. The verification information holding module 1122 verifies the validity of the execution environment including the virtual machine. Information. Specifically, the verification value of the virtual machine identification information 117 is acquired from the virtual machine, and the validity of the execution environment including the virtual machine depends on whether the value matches the verification rule stored in the verification information storage module 1122. To verify. As a result, an emulator in which data including a player model number, manufacturer name, etc. is copied to a different playback device is created. For example, even if a virtual machine and the emulator are mounted on a computer, the verification rule table for each virtual machine in FIG. It is difficult to create an emulator so as to conform to 400, and the verification rule is not satisfied. Therefore, reproduction on such an illegal emulator can be prevented. Details of the verification process will be described later.

  FIG. 5 shows an example of the verification rule table 500 held by the verification information holding module 1122. The verification rule table 500 held by the verification information holding module 1122 indicates a correspondence between a part or all of the verification rule table 400 for each virtual machine provided in FIG. 4 and the virtual machine identification information 117. The verification rules used in the verification rule table 500 held by the verification information holding module 1122 can be freely selected and used from the verification rule table 400 by the creator of the virtual machine code 121. Each virtual machine code 121 has its own unique rule. Verification can be performed.

Next, modules constituting the virtual machine execution code 115 will be described.
The verification value acquisition module 1151 is a module that searches the work information holding unit 118 for the address specified by the virtual machine verification module 1121 in the virtual machine code 121 and acquires the value held at the address.
The virtual machine code execution module 1154 is a module that executes the process defined by the code dependency processing module 1123 in the virtual machine code 121 while converting it into native code that depends on the platform.

Subsequently, the validity verification processing flow of the execution environment including the virtual machine will be described with reference to FIG.
First, when the virtual machine code 121 is activated in S202 of FIG. 2, the virtual machine verification module 1121 compares the virtual machine identification information 117 of the information holding unit 114 with the verification rule table 500 held by the verification information holding module 1122. Thus, the verification timing 402 to be used is detected. For example, assuming that the virtual machine identification information 117 is 0x0011ff0000011001, the following description will be given. Next, in S203, the following verification process is performed when the detected verification timing is reached.

First, the virtual machine code 121 specifies an address 401 corresponding to the verification timing 402, and requests verification information from the virtual machine (S301). For example, when menu 1 is displayed, the address 0x00ff0001 is designated and verification information is requested.
The virtual machine acquires the value held at the designated address 0x00ff0001 on the work information holding unit 118 (S302), and returns the value as verification information to the virtual machine code 121 (S303).

The virtual machine code 121 acquires the returned verification information (S304), verifies the verification information and the verification value 403 based on the verification rule 404, and passes the result to S205 in FIG. In this example, if the verification information is the same value as 0xed, the verification result is OK, otherwise it is NG.
This is the end of the description of the validity verification processing of the execution environment including the virtual machine.

  It should be noted that the address 402 may be a physical / logical address or a real / virtual address as long as a legitimate virtual machine can acquire information of the designated address. The virtual machine may not use the designated address as it is, but may obtain the verification information after converting the address into information suitable for the work information holding unit 118 based on the address map information. The address map information only needs to be able to indicate the corresponding area of the work information holding unit 118, and may be configured to manage correspondence not only statically but also dynamically.

In this embodiment, a data length of 1 byte is used as the data length of the verification value. However, the present invention is not limited to this.
In addition, the work information holding unit 118 does not need to be able to refer to all areas by the verification value acquisition module 1151, and some areas can be implemented so that reference is impossible, It is possible to improve resistance to unauthorized analysis of the mounting environment including it.

(Example of validation rule)
In the present embodiment, a value on the work information holding unit 118 is acquired and used as verification information. Values used as verification information and verification rules will be described below. However, the values are not limited to these, and any value that is developed on the work information holding unit 118 is a candidate for verification information.

(1) Information related to content For example, in the verification rule table 500 held by the verification information holding module 1122 in FIG. If it is, verification is OK. In this way, in an execution environment including a regular virtual machine, information related to the content is stored in a specific area on the work information holding unit 118 at a certain timing, so that when the virtual machine code 121 is actually executed, The validity can be evaluated by verifying whether the prescribed information exists in a specific area. Note that the address may be one address instead of range designation. Both address and verification timing depend on the execution environment including the virtual machine.

  In addition to the information described above, the file size and time stamp of an index file, a navigation file, and other files stored in the recording medium 102 can be used as information related to the content. Also, the number of playlists and play items stored in the recording medium 102, some or all values of the content hash table, some or all data of sound information when a certain button is clicked, hash of the index table Any information can be used as long as it is information related to the content, such as part or all of the value.

(2) Information Dependent on Execution Environment Including Virtual Machine For example, as shown in FIG. 6, a random number generation unit 601 is further added to the information processing apparatus 101 and the random number generation unit 601 is operated in accordance with an instruction from the virtual machine code 121 To do. Then, as in the verification rule table 500 held by the verification information holding module 1122 in FIG. 5, a random number is generated in the execution environment including the virtual machine when the disk is inserted, and stored in the address 0x00aa0010, and the virtual machine code 121 stores the value. Hold. After that, the random number is generated and stored again at the same address at the start of playback or at the time of user operation, and the virtual machine code 121 acquires the newly generated random number and changes the value compared to the previously held random number. If it is, the verification is OK. If an unauthorized virtual machine does not have a random number generation function or does not know where the random number is written, the verification is not OK. Note that if the random number seed has a different value for each execution environment including a virtual machine, such as an address and virtual machine identification information 117, the possibility of generating the same random number is reduced.

In addition, virtual machines have different resources such as memory used depending on the mounting state. Here, for example, if the vacant area of the work information holding unit 118 during execution of the virtual machine code 121 is within a specific value range, the verification may be OK. In this case, if the memory size being used is different in an environment where an unauthorized virtual machine operates, verification is not OK.
Other than the above, the information depending on the execution environment including the virtual machine includes a hash calculation value (for example, using a return value immediately before the virtual machine code), information related to the content, but information displayed for each information processing apparatus 101. Different information (for example, the number of menu buttons, the difference in sound and video that can be played back, etc.) can be used.

In this way, it is possible to use all values depending on functions, mounting states, and other information unique to the execution environment including the virtual machine for verification.
(3) Information Dependent on Time and Timing For example, a timer 701 is added to the information processing apparatus 101 as shown in FIG. The clocking unit 701 is mounted so as to clock the current time and write it in a specific area of the work information holding unit 118. Then, as in the verification table rule 500 held by the verification information holding module 1122 in FIG. 5, the virtual machine code 121 acquires and holds the current time from 0x00ee002 when the disk is inserted, and then the same address when the clip file is switched. The current time is acquired from the current time, compared with the previously held time, and if it increases, the verification is OK. In this case, since a validation rule is set that the value is not only changed but always increased, an unauthorized execution environment cannot be created without knowing this implementation.

Further, there is a case where fast-forwarding is prohibited during playback of a certain title. At the timing when the title is played back, information on prohibiting fast-forwarding is held in a specific area of the work information holding unit 118. In this case, when the corresponding title is reproduced, the current state in the specific area is checked, and if it is information indicating that fast-forwarding is prohibited, the verification is OK.
In addition to the above, information depending on time and timing includes system parameters and operation parameters related to the information processing apparatus 101, chapter number currently being played back, time information included in the stream being played back (for example, ATS) , PTS, PCR, etc.) can be used.

  Any information that changes with time or timing can be used for verification. However, even if the data changes with time and timing, if information with a very high transfer rate is targeted, such as content information itself (regardless of encryption state, decryption state, and before and after decoding), the predetermined timing Since it is difficult to accurately predict information in a memory based on a certain address even with a legitimate device, it is desirable to use information that can be substantially predicted by the player manufacturer. In particular, in the case of a rule that checks the memory multiple times and checks the change value for data that changes with time and timing, it is possible to check the information at the exact same timing as the setting timing and the checking timing. Although it is necessary to verify at an accurate timing, it is difficult in reality, so information that has a high transfer rate is not used, or the verification rule 404 that is determined as a valid device in the verification rule 404 may be loosened. desirable.

The verification rule table 500 held by the verification information holding module 1122 may be any combination of the above-described information, and a unique verification rule table 500 can be created for each execution environment including a virtual machine.
(Embodiment 2)
FIG. 8 is a diagram showing a system model of the storage medium and the information processing apparatus in Embodiment 2 of the present invention.

  As shown in FIG. 8, the storage medium 802 describes a command program 811 that defines the playback order and behavior at the time of user operation, clip file attributes, time search map, playlist, play item, and the like. Clip file related information 812, clip file 813 including content such as video and audio, verification code 814 for verifying the validity of the execution environment including the virtual machine, and secret information used when performing content restoration processing A code 815 includes a restoration information file 816 for generating actual restoration information in combination with secret information when performing restoration processing.

  The information processing apparatus 801 includes a command processing unit 822 that processes the command program 811, a module management unit 824 that receives user input and sends it to the user operation control unit 823, and manages a playback title in content, and a user A user operation control unit 823 that calls and controls a function corresponding to an operation from the playback control unit 827; a register 826 that holds a device state and a variable being processed; processing of a playlist and play item of clip file related information 812; Also, an execution environment including a virtual machine is executed by executing a function calling process from the command processing unit 822 and the user operation control unit 823, executing a playback control unit 827 for controlling the presentation processing unit 831, and a verification code 814. A verification processing unit 829 for verifying the legitimacy of content, and a content restoration processing Information is generated from the secret information code 815, the presentation processing unit 831 that controls the reproduction and display of content, and the restoration information file 816 and the restoration information to generate restoration information. And a restoration processing unit 832 that notifies the presentation engine of the restoration of the content. The command processing unit 822 and the user operation control unit 823 are referred to as an operation module 821, the register 826 and the playback control unit 827 are included as a playback control processing unit 825, and the verification processing unit 829 and the secret information calculation unit 830 are included. These are called virtual machines 828. The above configuration is an example, and a specific example of the information processing device 801 is a processing device including a BD drive, and is not limited to hardware implementation or software configuration. Hereinafter, the operation will be described with reference to the processing flows of FIG. 8, FIG. 9, and FIG.

FIG. 9 is a diagram illustrating operations of verification processing and content restoration processing in the information processing apparatus 101.
First, the verification processing unit 829 acquires the virtual machine identification information 903 held by the virtual machine 828 (S1001), and reads a part or all of the verification code 814 corresponding to the virtual machine identification information 903. The interrupt management information 904 is acquired and held (S1002). The interrupt management information 904 is information for determining the execution start location (PC: program counter) of the verification code 814 according to the playback location such as for each title, and describes the combination of the execution start location and the playback location. ing. The virtual machine identification information 903 is information for identifying a virtual machine, and is data composed of, for example, “information processing apparatus manufacturer ID + information processing apparatus model number + virtual machine version number”. The information is not limited to this as long as the information can uniquely identify the virtual machine. Further, a signature may be added to the virtual machine identification information 903 to check its validity.

Next, the module management unit 824 instructs the verification processing unit 829 to start verification processing, including the title number to be reproduced from now on (S1003).
Based on the title number included in the instruction, the verification processing unit 829 acquires the corresponding PC from the interrupt management information 904, and executes the verification code 814 from the acquired PC (S1004).

Next, the executed verification code 814 verifies the execution environment including the virtual machine with reference to the verification information memory 902 including the memory area to be referred to at the time of verification (S1005). Note that since the verification method described in Embodiment 1 can be used for details of the verification method, detailed description thereof is omitted here.
If the verification result is OK, the processing is continued as it is (S1006). In the case of NG, if the prescribed number of times has not been reached, the process is continued, but if the prescribed number of NG has been reached (S1007), part or all of the content and secret information code 815, or other processing By rewriting data at a specific location on the memory 901 that holds the data (S1008), the information processing apparatus 101 can be prevented from operating normally. Specifically, since the secret information calculation unit 830 holds the secret information code 815 or the secret information necessary for the restoration process in the memory 901 during reproduction, the restoration process can be performed by rewriting part or all of the code. The effect that the normal operation cannot be performed and the normal reproduction cannot be performed is obtained. The restoration process will be described later. In addition, since a part of the title being played can be held in the memory 901, it is normal in an execution environment including an unauthorized virtual machine by rewriting part or all of the title on the memory 901 in the case of NG. The effect of making it impossible to reproduce is obtained. The information to be rewritten is not limited to the above, and the same effect can be obtained by rewriting information other than the above.

  Although the information on the memory 901 is rewritten when the verification result is NG, the present invention is not limited to this, and NG is notified to the module management unit 824, and playback is stopped by an instruction from the module management unit 824. May be. The secret information calculation unit 830 may be notified of NG and the calculation of the secret information may be stopped. Not limited to this, the NG may be notified to other components as long as the normal information cannot be reproduced. .

  Further, the verification processing start instruction in S1003 is generated every time the reproduction title is switched, and is generated irregularly, for example, when the title is changed by a user operation or the like. However, at the time of special reproduction such as fast-forwarding or rewinding, the contents of the verification information memory 902 may be changed before one verification process is completed, so that the verification process start instruction may not be issued. If there is a verification process start instruction including another title number during the current verification process (S1005 to S1007 is repeated), the current verification process is terminated and a new The verification code 814 corresponding to the correct title number is executed (re-executed from S1004).

  Further, the execution of the verification code 814 in S1004 may not be executed depending on the title number received in the verification start instruction in S1003. Specifically, the verification code 814 generation side does not include a title number that does not require execution of the verification code 814 in the interrupt management information 904, or a specific PC is set, and the PC's Sometimes there is a way to specify not to execute.

Further, the verification information memory 902 and the memory 901 may be physically different in the same memory. In addition, it is possible to set a reference prohibition or rewrite prohibition area, respectively, and it is possible to obtain an effect of preventing malfunction and increasing resistance to unauthorized analysis.
(Restore process)
The restoration process includes the following methods.

  As shown in FIGS. 8 and 9, first, the secret information calculation unit 830 reads the secret information code 815 to acquire and hold the secret information calculation interrupt management information 905. The secret information calculation interrupt management information 905 is information for determining the execution start position (secret information PC: program counter) of the secret information code 815 for each play item number, for example, the play item number and the secret. The correspondence of the information PC is described.

The restoration processing unit 832 reads and holds part or all of the restoration information file 816.
The reproduction control unit 827 manages which position of which play item is currently being reproduced. When a certain play item is reproduced, for example, every 10 seconds, the play item number and the period information indicating the number of period are displayed. The secret information calculation unit 830 is notified. In addition, you may notify not what number period but how many seconds. Further, the notification timing is not 10 seconds, but may be notified periodically or irregularly, such as every second or every play item switching. The notification timing information may be included in the secret information code 815 and the reproduction control unit 827 may acquire the timing information from the secret information code 815.

Next, the secret information calculation unit 830 acquires the secret information PC from the secret information calculation interrupt management information 905 based on the notified play item number, and executes the secret information code 815 from the corresponding location.
The executed secret information code 815 calculates appropriate secret information for the period based on the period information, and notifies the restoration processing unit 832 of the secret information.

The restoration processing unit 832 obtains restoration information suitable for the playback location from the restoration information file, decrypts the secret information using XOR (Exclusive OR) calculation, etc., and presents the decrypted restoration information as a presentation. The processing unit 831 is notified.
The presentation processing unit 831 performs XOR calculation on the restoration position data included in the restoration information and the restoration data included in the restoration information, and overwrites them. The restoration position may be information that can uniquely specify the restoration position, such as the number of packets from the top of the clip file, read time information, and reproduction time information attached to the packets.

  The modified content can be restored as described above, and can be normally played back. Thus, for example, if the verification process is NG, the secret information calculation unit 830 rewrites part or all of the area on the memory 901 so that correct secret information cannot be acquired and is normal. It is possible to prevent proper reproduction. Note that it is sufficient to rewrite the data area necessary for calculating the secret information, such as the secret information code 815 or a part or all of the secret information.

Although the play item number is used, any information can be used as long as the currently reproduced position such as the title number, play list number, play item number, and combinations thereof can be uniquely identified.
In addition, the presentation processing unit 831 performs an XOR calculation between the restoration position data and the restoration data and overwrites it. However, the restoration processing unit 832 directly notifies the clip file held on the memory 901 without notifying the restoration information. Referring to, XOR calculation and overwriting may be performed.

  Although the restoration information file 816 includes the restoration information, the restoration information can be multiplexed in the stream of the clip file 1113 as shown in FIG. Specifically, the restoration information is stored in a PMT or a unique packet and multiplexed into a stream such as video or audio. In this case, the restoration processing unit 1132 can obtain a packet including restoration information from the stream being reproduced, and obtain the restoration information. Other configurations are the same as those in FIG.

  The restoration information includes the relative number of packets from the packet including the restoration information, the restoration position indicating which byte data of the packet is restored, the restoration position data, and the restoration data for XOR calculation. Yes. The restoration processing unit 1132 uses the secret information notified from the secret information calculation unit 830 to decode the restoration information by XOR calculation or the like, and performs XOR calculation of the restoration position data and the restoration data based on the decoded restoration information. Thus, the modified content can be restored by overwriting the result in the restoration position.

As described above, it is possible to perform the restoration process by multiplexing the restoration information on the clip file stream instead of the file, but the secret information calculation unit 830 may perform the same process.
Note that the restoration processing unit 1132 may notify the presentation processing unit 1131 of the decoded restoration information. In this case, the presentation processing unit 1131 performs XOR calculation on the restoration position data and the restoration data based on the restoration information. If the data at the restoration position is overwritten, the restoration process can be performed.

In addition, although XOR is used for restoration processing and restoration information decoding, the present invention is not limited to this, and any calculation such as AES (Advanced Encryption Standard) and DES (Data Encryption Standard) may be used.
FIG. 12 is a generalized configuration of the verification process and the restoration process shown in FIGS. 8 and 11, and the components other than the virtual machine 1228 and the restoration processing unit 1232 are general disk playback systems. It is a model. In other words, the implementation for realizing the verification process and the restoration process of the present application is characterized in that it can be implemented with almost no need to change a general disc playback system model.

  In the present embodiment, the description has been made such that the verification processing unit 832 directly reads the verification code 814 and the secret information calculation unit 830 directly reads the secret information code 815. However, the present invention is not limited to this. It may be obtained via an element. The verification code 814 and the secret information code 815 may be described so as to be included in other information on the storage medium 802 such as the command program 811 and the clip file related information 812.

In addition, each notification such as restoration information and interrupt information can be notified via a general calculation register (not shown) or via the memory 901, but this is not restrictive.
Although the interrupt management information 904 is acquired from the verification code 814, it may be a separate file or described in other information on the storage medium 802. Similarly, the secret information calculation interrupt management information 905 may be a separate file or described in other information on the storage medium 802.

(Other variations)
Although the present invention has been described based on the above embodiment, it is needless to say that the present invention is not limited to the above embodiment. The following cases are also included in the present invention.
(1) The information processing apparatus is specifically a computer system including a microprocessor, ROM, RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like. A computer program is stored in the RAM or hard disk unit. The information processing apparatus achieves its functions by the microprocessor operating according to the computer program. Here, the computer program is configured by combining a plurality of instruction codes indicating instructions for the computer in order to achieve a predetermined function.

  (2) A part or all of the constituent elements constituting the information processing apparatus may be configured by a single system LSI (Large Scale Integration). The system LSI is an ultra-multifunctional LSI manufactured by integrating a plurality of components on a single chip, and specifically, a computer system including a microprocessor, ROM, RAM, and the like. . A computer program is stored in the RAM. The system LSI achieves its functions by the microprocessor operating according to the computer program.

  In this case, the LSI manufacturer and the information processing device manufacturer may be different. At this time, for example, the LSI manufacturer provides and implements functions that can be used for verification, such as a random number generation function and a clocking function, so that the information processing apparatus manufacturer defines verification rules and verification addresses suitable for the device to be manufactured. can do. Therefore, the LSI manufacturer can reduce the cost for defining and managing the verification rule for each LSI, and the information processing apparatus manufacturer can freely define the verification rule for each version of the device to be manufactured.

  (3) Part or all of the constituent elements constituting the information processing apparatus may be configured as an IC card that can be attached to and detached from the information processing apparatus or a single module. The IC card or the module is a computer system including a microprocessor, a ROM, a RAM, and the like. The IC card or the module may include the super multifunctional LSI described above. The IC card or the module achieves its function by the microprocessor operating according to the computer program. This IC card or this module may have tamper resistance.

(4) The present invention may be the method described above. Further, the present invention may be a computer program that realizes these methods by a computer, or may be a digital signal composed of the computer program.
The present invention also provides a computer-readable recording medium such as a flexible disk, hard disk, CD-ROM, MO, DVD, DVD-ROM, DVD-RAM, BD (Blu-ray Disc). ), Recorded in a semiconductor memory or the like. The digital signal may be recorded on these recording media.

In the present invention, the computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, a data broadcast, or the like.
The present invention may be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program.

In addition, the program or the digital signal is recorded on the recording medium and transferred, or the program or the digital signal is transferred via the network or the like, and executed by another independent computer system. It is good.
(5) The above embodiment and the above modifications may be combined.
(6) The present invention is a verification method used in an information processing apparatus for executing processing related to content reproduction by a virtual machine included therein, and reads out a verification program recorded on a recording medium together with the content And a verification step of verifying the validity of the information processing apparatus including the virtual machine by executing the verification program by the virtual machine.

Here, the “reading step” corresponds to the process of S202 of FIG. 2 described in the first embodiment.
The “verification step” corresponds to the process of S204 in FIG. 2 described in the first embodiment.
(7) In Modification (6), the verification step includes an acquisition step in which the verification program acquires, as verification information, a value held at a predetermined memory address of the information processing apparatus, and the acquisition A determination step in which the verification program determines whether or not the information processing apparatus is valid based on the verification information acquired in the step.

Here, the “acquisition step” corresponds to the processing of S301 and S304 of FIG. 3 described in (Embodiment 1).
In addition, the “determination step” includes, for example, “virtual machine code 121 obtains the returned verification information (in the first embodiment) described in (Validity verification of execution environment including virtual machine) ( S304), the verification information and the verification value 403 are verified based on the verification rule 404, and the result is passed to S205 in Fig. 2. In this example, if the verification information is the same value as 0xed, the verification result is OK, Otherwise, it is NG ”.

(8) In Modification (7), the recording medium further records a reproduction-related program that is executed on the virtual machine and includes a processing procedure related to reproduction of the content, and the verification method includes Further, when the information processing apparatus is illegal as a result of verification, a suppression step of suppressing execution of a processing procedure related to reproduction of the content may be included.
Here, “a reproduction-related program executed on the virtual machine and including a processing procedure related to the reproduction of the content” refers to the command program 811 and the clip file described in FIG. 8 in (Embodiment 2). Corresponding to related information 812, clip file 813, verification code 814, secret information code 815, and restoration information file 816.

Further, the “suppression step” corresponds to the case where S1006 of FIG. 10 described in (Embodiment 2) is NG and the processing of S1008.
(9) Further, in the modification (8), the content is modified so that it can be restored by a predetermined restoration process, and the processing procedure relating to the reproduction of the content includes the transformed content as the restoration process. The suppression step may include suppressing the execution of the restoration process.

Here, “predetermined restoration processing” and “procedure for restoring the deformed content by the restoration processing” correspond to the processing described in (restoration processing) of (Embodiment 2). For example, this corresponds to the processing performed by the secret information code 815, the restoration processing unit 832, and the presentation processing unit 831.
Further, “the suppression step suppresses the execution of the restoration process” means that “the content modified as described above can be restored and reproduced normally in the above (restoration process)”. Therefore, for example, if the above detection process is NG, rewriting part or all of the area on the memory 901 used by the secret information calculation unit 830 prevents correct secret information from being acquired, It is possible to prevent normal reproduction from being performed, ”and the like.

(10) In Modification (7), the verification information may be information that changes according to timing.
Here, the “information that changes depending on the timing” refers to “the time and timing in this way” in (3) information that depends on time and timing in (Example of verification rule) in (Embodiment 1). Any information that changes can be used for verification. "

(11) In Modification (7), the verification information may be information related to the content to be reproduced.
Here, “the information related to the content to be played” particularly corresponds to the description described in (1) Information related to content in (Example of verification rule) in (Embodiment 1).
(12) In Modification (7), the verification information may be information depending on an execution environment including the virtual machine.

Here, “information dependent on an execution environment including the virtual machine” is described in (2) Information dependent on an execution environment including a virtual machine in (Example of verification rule) in (Embodiment 1). Corresponds to the description.
(13) In Modification (7), a verification value and a verification rule are further recorded in association with each other on the recording medium, and the determination step includes the verification acquired in the acquisition step. A comparison step of comparing information and the verification value recorded on the recording medium based on the verification rule associated with the verification value, and the determination step includes the verification as a result of the comparison When the rule is satisfied, it may be determined that the information processing apparatus is valid.

Here, the “verification value” corresponds to the verification value 403 described with reference to FIG. 5 in (Embodiment 1).
The “verification rule” corresponds to the verification rule 404.
The “comparison step” and the “judgment step” are described in (Embodiment 1) described in (Validity verification of execution environment including virtual machine). Information is acquired (S304), the verification information and the verification value 403 are verified based on the verification rule 404, and the result is passed to S205 in Fig. 2. In this example, if the verification information is the same value as 0xed, the verification result Corresponds to the processing described as “OK is OK, otherwise NG”.

  (14) In Modification (13), the obtaining step includes a requesting step for requesting a value held at the predetermined memory address at the timing of verification, and the verification method further includes the request In response to the request by the step, the step of reading the value held in the predetermined memory address, and returning the read value as the verification information to the verification program, the acquisition of the acquisition step, The verification information returned in response to the request may be acquired, and the comparison step may perform the comparison using the verification information acquired by the response.

Here, the “request step” corresponds to S301 in FIG. 3 described in the first embodiment.
The “reply step” corresponds to S303 in FIG. 3 described in the first embodiment.
(15) In Modification (13), the recording medium further includes a plurality of verification values recorded in association with the verification timing, and the comparison step includes the verification timing at the verification timing. The comparison is performed using the obtained verification information, the verification value associated with the verification timing and the verification rule, and the determination step is repeated each time the verification timing comes A repetition step to be executed, and a determination step of determining that the information processing apparatus is illegal when the verification information and the verification value do not satisfy the verification rule more than a predetermined number of times as a result of the repetition. Also good.

Here, “verification timing” corresponds to the verification timing 402 of FIG. 5 described in the first embodiment.
Further, the “repetition step” particularly corresponds to the processing when S203, S204, S205, and S207 are NO and S208 is NO described in (Embodiment 1).
Further, the “determination step” corresponds to the processing in the case where S208 is YES.

(16) In Modification (13), each of the plurality of verification values is recorded in the recording medium in association with identification information for uniquely identifying the virtual machine, and the comparison step The comparison may be performed using a verification value corresponding to identification information of a virtual machine included in the information processing apparatus.
Here, the “identification information” corresponds to the virtual machine identification information 117 of FIG. 5 described in the first embodiment.

  (17) In Modification (7), a verification timing and a verification rule are further recorded in association with each other on the recording medium, and the information processing apparatus further performs the processing at a predetermined timing. Storage means for storing, as comparison information, a value held at a predetermined memory address, wherein the obtaining step uses the value held at the predetermined memory address at the verification timing as the verification information; And the determination step includes a comparison step of comparing the verification information acquired at the timing of the verification with the comparison information stored in the storage unit based on the verification rule. The step may perform the determination as to whether or not the information processing apparatus is valid based on the comparison result.

  (18) In Modification (17), the obtaining step includes a requesting step for requesting a value held at the predetermined memory address at the verification timing, and the verification method further includes: In response to the request from the request step, the method includes a reply step of reading a value held at the predetermined memory address and returning the read value to the verification program as the verification information. The verification information returned in response to the request may be acquired, and the comparison step may perform the comparison using the verification information acquired by the response.

  Here, the “storage means” is, for example, “and the verification information holding of FIG. 5 in (2) Information dependent on the execution environment including the virtual machine in (Example of verification rule) in (Embodiment 1). Like the verification rule table 500 held by the module 1122, a random number is generated in the execution environment including the virtual machine when the disk is inserted, and stored in the address 0x00aa0010 ”.

  In addition, the “acquisition step”, “comparison step”, and “determination step” are “replay after that” in (2) information dependent on the execution environment including the virtual machine in (example of verification rule) in (embodiment 1) The random number is generated and stored again at the same address at the start or at the time of user operation, and the virtual machine code 121 acquires the newly generated random number and the value is changed compared to the previously held random number. Based on the description of “Verification OK”.

The “request step” corresponds to S301 in FIG. 3 described in the first embodiment.
The “reply step” corresponds to S303 in FIG. 3 described in the first embodiment.
(19) Further, in Modification (17), the information processing apparatus further includes a random number generation unit that generates a random number, and the verification method further includes the random number generation unit at each verification timing. Generating a random number, and holding the generated random number at the predetermined address, and the obtaining step reads out the random number held by the random number holding step at the verification timing The verification information may be acquired, and the determining step may determine that the information processing apparatus is valid when the verification information is different from the comparison information as a result of the comparison. .

Here, the “random number generation unit” corresponds to the random number generation unit 601 in FIG. 6 described in (Embodiment 1).
Further, the “random number holding step” and the “judgment step” are “and the verification in FIG. As in the verification rule table 500 held by the information holding module 1122, a random number is generated in the execution environment including the virtual machine when the disk is inserted, and stored in the address 0x00aa0010. Then, the random number is generated and stored again, and the virtual machine code 121 acquires the newly generated random number, and if the value is changed compared to the previously held random number, the verification is OK. Corresponds to the description.

(20) In addition, in Modification (19), the random number generation unit may perform the generation based on information that depends on an execution environment including the virtual machine.
Here, the “random number generation unit” is the “random number seed” in (2) information dependent on the execution environment including the virtual machine in (Example of verification rule) in (Embodiment 1). If different values are set for each execution environment including virtual machines, such as the virtual machine identification information 117, the possibility of generating the same random number is reduced. "

  (21) In Modification (17), the information processing apparatus further includes a time measuring unit that measures time and writes the time to the predetermined memory address, and the storage unit stores the predetermined memory at a predetermined timing. The time written in the address is stored as comparison information, and the obtaining step reads the time written in the predetermined memory address at the verification timing to read the time in the verification information. The determination step determines that the information processing apparatus is valid when the time indicated in the verification information is greater than the time indicated in the comparison information as a result of the comparison. It is good to do.

Here, the “timer” corresponds to the timer 701 in FIG. 7 described in the first embodiment.
The “storage means”, “acquisition step”, and “determination step” are “and verification in FIG. Like the verification table rule 500 held by the information holding module 1122, the virtual machine code 121 acquires and holds the current time from 0x00ee002 when the disk is inserted, and then acquires the current time from the same address when the clip file is switched. In comparison with the time held last time, if it increases, the verification is OK ”.

  (22) Further, the present invention is an information processing apparatus that executes processing related to reproduction of content recorded in a recording medium and includes a virtual machine therein, the recording medium including the virtual machine on the virtual machine When executed, a verification program for verifying the validity of the information processing apparatus is recorded. The information processing apparatus includes a reading unit that reads the verification program from the recording medium; Accepting means for accepting a request for a value held at the timing of verification from the verification program to the memory address, and receiving the request, reads the value held at the predetermined memory address, and reads the read value to the memory address It is also an information processing apparatus including reply means for replying to the verification program.

  The present invention also provides an integrated circuit that is mounted on an information processing apparatus that executes processing related to reproduction of content recorded on a recording medium and includes a virtual machine. A verification program for verifying the validity of the information processing apparatus is recorded by being executed on the machine, and the integrated circuit reads out the verification program from the recording medium; and A receiving means for receiving a request for a value held at a predetermined memory address at the timing of verification from the verification program; and when receiving the request, the value held at the predetermined memory address is read and the read value It is also an integrated circuit provided with a reply means for returning the above to the verification program.

Here, the “verification program” corresponds to the virtual machine verification module 1121 shown in FIG.
The “reading unit” corresponds to the disk reading unit 111 shown in FIG.
Further, the “accepting unit” and the “reply unit” are realized by the virtual machine execution unit 113 reading, decoding, and executing an instruction code included in the virtual machine execution code 115.

  Further, the present invention is a recording medium that records a verification program that executes processing related to content reproduction and verifies the validity of an information processing device that includes a virtual machine. An acquisition step of acquiring a value held at a predetermined memory address of the information processing device as verification information, and whether or not the information processing device is valid based on the verification information acquired by the acquisition step It is also a recording medium that includes a determination step for determining.

  The present invention also provides a verification program for executing processing related to reproduction of content recorded on a recording medium and causing the information processing device to execute processing for verifying the validity of the information processing device including a virtual machine. The information processing device is validated based on an acquisition step of acquiring, as verification information, a value held at a predetermined memory address of the information processing device, and the verification information acquired by the acquisition step. It is also a verification program including a determination step for determining whether or not.

Here, the “acquisition step” corresponds to the processing of S301 and S304 of FIG. 3 described in (Embodiment 1).
In addition, the “determination step” includes, for example, “virtual machine code 121 obtains the returned verification information (in the first embodiment) described in (Validity verification of execution environment including virtual machine) ( S304), the verification information and the verification value 403 are verified based on the verification rule 404, and the result is passed to S205 in Fig. 2. In this example, if the verification information is the same value as 0xed, the verification result is OK, Otherwise, it is NG ”.

(23) Further, the present invention may be configured as follows.
(23-1) The present invention is an information processing method for executing virtual machine code using a virtual machine, the step of verifying the validity of an execution environment in which the virtual machine code includes a virtual machine, And a step of stopping the processing of the virtual machine code when it is determined that the execution environment including the virtual machine is illegal.

    (23-2) In the information processing method according to the modification (23-1), the verification step further includes a step in which the virtual machine code requests acquisition of information held by an execution environment including the virtual machine; The virtual machine code providing the information to the virtual machine code, the virtual machine code comparing the information with the verification information held by the virtual machine code, and a rule defined by the virtual machine code And verifying legitimacy based on.

(23-3) Further, in the above modification (23-2), the information may be information related to content processed in an execution environment including the virtual machine.
(23-4) In the above modification (23-2), the information may be information depending on an execution environment including the virtual machine.
(23-5) In the above modification (23-2), the information may be information that dynamically changes depending on the execution environment including the virtual machine and the state of the content.

(23-6) Moreover, the present invention causes a computer to execute the steps included in the information processing method described in any of the above-described modified examples (23-1) to (23-5). It is also a program.
(23-7) Moreover, the present invention causes a computer to execute the steps included in the information processing method described in any of the above-described modified examples (23-1) to (23-5). It is also a computer-readable recording medium on which the program is recorded.

  The information processing method according to the present invention can be used in an information processing apparatus that uses a virtual machine and executes a platform-independent program, and security is required for a program that runs on the virtual machine, such as a copyright protection program. This is useful when

FIG. 3 illustrates a configuration of a recording medium and an information processing device according to Embodiment 1. The figure which shows the flow of the virtual machine code execution process in Embodiment 1 The figure which shows the flow of the validity verification process of the execution environment containing the virtual machine in Embodiment 1 Example of data structure of verification rule in Embodiment 1 Example of verification rule table structure of virtual machine code according to Embodiment 1 FIG. 11 is a diagram illustrating another example of the configuration of the recording medium and the information processing device in the first embodiment. FIG. 10 is a diagram illustrating another example of the configuration of the recording medium and the information processing device in the first embodiment. The figure which shows the system model of the storage medium and information processing apparatus in Embodiment 2 The figure which shows the operation | movement of the verification process in Embodiment 2, and a restoration process The figure which shows the flow of the validity verification process of the execution environment containing the virtual machine in Embodiment 2 FIG. 10 is a diagram illustrating another example of the system model of the storage medium and the information processing apparatus according to the second embodiment. The figure which shows the generalized system model of the storage medium and information processing apparatus in Embodiment 2

Explanation of symbols

101, 801, 1201 Information processing apparatus 102, 802, 1202 Recording medium 111 Disk reading unit 112 User operation receiving unit 113 Virtual machine execution unit 114 Information holding unit 115 Virtual machine execution code 117 Verification value table identification information 118 Work information holding unit 121 Virtual machine code 1151 Verification value acquisition module 1154 Virtual machine code execution module 1121 Virtual machine verification module 1122 Verification information module 1123 Code dependent processing module 400 Verification rule table for each virtual machine 401 Address 402 Verification timing 403 Verification value 404 Verification rule 500 Verification information Verification rule table 813, 1113, 1213 held by holding module 1122 Clip file 814 Verification code 815 Secret Information code 816 Restoration information file 824, 1224 Module management unit 827, 1227 Playback control unit 829, 1229 Verification processing unit 830, 1230 Secret information calculation unit 831, 1131, 1231 Presentation processing unit 832, 1132, 1232 Restoration processing unit 901 Memory 902 Verification information memory 903 Virtual machine identification information 904 Interrupt management information 905 Interrupt management information for secret information calculation

Claims (20)

A verification method used in an information processing apparatus for executing processing related to content reproduction by a virtual machine included therein,
A reading step of reading a verification program recorded on a recording medium together with the content;
And a verification step of verifying the validity of the information processing apparatus including the virtual machine by executing the verification program by the virtual machine. The verification step includes
An acquisition step in which the verification program acquires, as verification information, a value held at a predetermined memory address of the information processing apparatus;
The verification method according to claim 1, further comprising a determination step in which the verification program determines whether or not the information processing apparatus is valid based on the verification information acquired in the acquisition step. . The recording medium further records a reproduction-related program that is executed on the virtual machine and includes a processing procedure related to reproduction of the content,
The verification method according to claim 2, further comprising a suppression step of suppressing execution of a processing procedure related to reproduction of the content when the information processing apparatus is illegal as a result of verification. . The content is transformed so that it can be restored by a predetermined restoration process,
The processing procedure relating to the reproduction of the content includes a procedure of restoring the transformed content by the restoration processing,
The verification method according to claim 3, wherein the suppressing step suppresses execution of the restoration process. The verification method according to claim 2, wherein the verification information is information that changes according to timing. The verification method according to claim 2, wherein the verification information is information related to the content to be played back. The verification method according to claim 2, wherein the verification information is information that depends on an execution environment including the virtual machine. In the recording medium, a verification value and a verification rule are further recorded in association with each other,
The determination step includes
A comparison step of comparing the verification information acquired by the acquisition step with the verification value recorded on the recording medium based on the verification rule associated with the verification value;
The verification method according to claim 2, wherein the determination step determines that the information processing apparatus is valid when the verification rule satisfies the verification rule. The obtaining step includes
A request step for requesting a value held at the predetermined memory address at a timing of verification;
The verification method further includes:
In response to the request by the request step, the method includes a step of reading a value held at the predetermined memory address and returning the read value to the verification program as the verification information,
The acquisition of the acquisition step is to acquire the returned verification information in response to the request;
The comparison step includes
The verification method according to claim 8, wherein the comparison is performed using the verification information acquired by the reply. The recording medium further includes
A plurality of the verification values are recorded in association with the timing of verification,
The comparison step includes
Performing the comparison using the verification information acquired at the verification timing, the verification value and the verification rule associated with the verification timing,
The determination step includes
A repetitive step of repeatedly executing the comparison step each time when the timing of verification is reached;
9. The determination step of determining that the information processing apparatus is invalid when the verification information and the verification value do not satisfy the verification rule a predetermined number of times or more as a result of the repetition. Verification method described in 1. The recording medium includes
Each of the plurality of verification values is recorded in association with identification information that uniquely identifies the virtual machine,
9. The verification method according to claim 8, wherein the comparison step performs the comparison using a verification value corresponding to identification information of a virtual machine included in the information processing apparatus. The recording medium further records the timing of verification and the verification rule in association with each other,
The information processing apparatus further includes:
Storage means for storing, as comparison information, a value held at the predetermined memory address at a predetermined timing;
The obtaining step includes
The value held at the predetermined memory address at the verification timing is acquired as the verification information,
The determination step includes
A comparison step of comparing the verification information acquired at the verification timing with the comparison information stored in the storage unit based on the verification rule;
The verification method according to claim 2, wherein the determination step performs the determination as to whether the information processing apparatus is valid based on a result of the comparison. The obtaining step includes
A request step for requesting a value held in the predetermined memory address at the timing of the verification;
The verification method further includes:
In response to the request by the request step, the method includes a step of reading a value held at the predetermined memory address and returning the read value to the verification program as the verification information,
The acquisition of the acquisition step is to acquire the returned verification information in response to the request;
The comparison step includes
The verification method according to claim 12, wherein the comparison is performed using the verification information acquired by the reply. The information processing apparatus further includes:
A random number generator for generating random numbers,
The verification method further includes:
A random number holding step for causing the random number generation unit to generate a random number and holding the generated random number at the predetermined address each time the verification is performed;
The obtaining step includes
In the verification timing, the verification information is obtained by reading the random number held in the random number holding step.
13. The verification method according to claim 12, wherein the determination step determines that the information processing apparatus is valid when the verification information is different from the comparison information as a result of the comparison. The random number generator
The verification method according to claim 14, wherein the generation is performed based on information dependent on an execution environment including the virtual machine. The information processing apparatus further includes:
A time measuring unit for measuring time and writing to the predetermined memory address;
The storage means includes
The time written in the predetermined memory address at a predetermined timing is stored as comparison information,
The obtaining step includes
In the verification timing, the verification information is obtained by reading the time written in the predetermined memory address;
The determination step determines that the information processing apparatus is valid when the time indicated in the verification information is greater than the time indicated in the comparison information as a result of the comparison. The verification method according to claim 12. An information processing apparatus that executes processing related to reproduction of content recorded in a recording medium and includes a virtual machine inside,
The recording medium includes
A verification program for verifying the validity of the information processing apparatus is recorded by being executed on the virtual machine,
The information processing apparatus includes:
Reading means for reading the verification program from the recording medium;
Receiving means for receiving a request for a value held at a predetermined memory address of the information processing apparatus at a verification timing from the verification program;
An information processing apparatus comprising: a reply unit that, when receiving the request, reads a value held at the predetermined memory address and returns the read value to the verification program. An integrated circuit that executes processing related to reproduction of content recorded in a recording medium and is mounted on an information processing apparatus including a virtual machine,
The recording medium includes
A verification program for verifying the validity of the information processing apparatus is recorded by being executed on the virtual machine,
The integrated circuit comprises:
Reading means for reading the verification program from the recording medium;
Receiving means for receiving a request for a value held at a predetermined memory address of the information processing apparatus at a verification timing from the verification program;
An integrated circuit comprising: a reply unit that, when receiving the request, reads a value held at the predetermined memory address and returns the read value to the verification program. A recording medium that records a verification program that executes processing related to content reproduction and verifies the validity of an information processing apparatus including a virtual machine,
The verification program includes:
An acquisition step of acquiring a value held at a predetermined memory address of the information processing apparatus as verification information;
And a determination step of determining whether or not the information processing apparatus is valid based on the verification information acquired in the acquisition step. A verification program for executing processing related to reproduction of content recorded on a recording medium and causing the information processing device to execute processing for verifying the validity of the information processing device including a virtual machine therein,
An acquisition step of acquiring a value held at a predetermined memory address of the information processing apparatus as verification information;
And a determination step of determining whether or not the information processing apparatus is valid based on the verification information acquired in the acquisition step.

Images